Lucene search
+L

21 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-10800

Malicious code in bioql PyPI...

8.2CVSS6.3AI score0.00585EPSS
Exploits0References13
OSV
OSV
added 2024/11/20 6:23 p.m.13 views

GHSA-J5HQ-5JCR-XWX7 github.com/rancher/steve's users can issue watch commands for arbitrary resources

Impact A vulnerability has been discovered in Steve API Kubernetes API Translator in which users can watch resources they are not allowed to access, when they have at least some generic permissions on the type. For example, a user who can get a single secret in a single namespace can get all...

7.7CVSS7.3AI score0.00444EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/10/25 7:39 p.m.17 views

RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists

Impact A vulnerability has been identified whereby RKE2 deployments in Windows nodes have weak Access Control Lists ACL, allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation. The affected files include binaries, script...

7.5CVSS6.1AI score0.00539EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/25 7:35 p.m.21 views

Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists

Impact A vulnerability has been identified whereby Rancher Manager deployments containing Windows nodes have weak Access Control Lists ACL, allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation. The affected files inclu...

7.5CVSS6.1AI score0.00539EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/10/25 7:35 p.m.16 views

GHSA-7H8M-PVW3-5GH4 Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists

Impact A vulnerability has been identified whereby Rancher Manager deployments containing Windows nodes have weak Access Control Lists ACL, allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation. The affected files inclu...

9.4CVSS7.9AI score0.00539EPSS
Exploits0References5
OSV
OSV
added 2024/06/17 10:30 p.m.71 views

GHSA-Q6C7-56CQ-G2WM Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec

Impact This issue is only relevant to clusters provisioned using RKE1 with secrets encryption configuration enabled. A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled please see the RKE documentation. When...

7.1CVSS6.2AI score0.00369EPSS
Exploits0References4
OSV
OSV
added 2024/06/17 10:30 p.m.23 views

GHSA-64JQ-M7RQ-768H Rancher's External RoleTemplates can lead to privilege escalation

Impact A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...

7.5CVSS6.7AI score0.00539EPSS
Exploits0References4
OSV
OSV
added 2024/04/24 9:1 p.m.38 views

GHSA-GVH9-XGRQ-R8HW Rancher's Steve API Component Improper authorization check allows privilege escalation

Impact A flaw discovered in Rancher versions from 2.5.0 up to and including 2.5.9 allows an authenticated user to impersonate any user on a cluster through the Steve API proxy, without requiring knowledge of the impersonated user's credentials. This is due to the Steve API proxy not dropping the...

8.8CVSS8.6AI score0.01071EPSS
Exploits0References3
OSV
OSV
added 2024/02/08 6:46 p.m.19 views

GHSA-833M-37F7-JQ55 Rancher API Server Cross-site Scripting Vulnerability

Impact A vulnerability has been identified in which unauthenticated cross-site scripting XSS in the API Server's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identifi...

8.3CVSS7.8AI score0.00342EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2024/02/08 6:46 p.m.46 views

Rancher API Server Cross-site Scripting Vulnerability

Impact A vulnerability has been identified in which unauthenticated cross-site scripting XSS in the API Server's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identifi...

8.3CVSS6.1AI score0.00342EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/08 6:43 p.m.35 views

Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'

Impact A vulnerability has been identified when granting a create or global role for a resource type of "namespaces"; no matter the API group, the subject will receive permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace...

8.6CVSS6.8AI score0.00403EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/06 2:0 a.m.51 views

Rancher vulnerable to Privilege Escalation via manipulation of Secrets

Impact A vulnerability has been identified which enables Standard users or above to elevate their permissions to Administrator in the local cluster. The local cluster means the cluster where Rancher is installed. It is named local inside the list of clusters in the Rancher UI. Standard users coul...

9.9CVSS6.7AI score0.00715EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/06/06 2:0 a.m.107 views

GHSA-P976-H52C-26P6 Rancher vulnerable to Privilege Escalation via manipulation of Secrets

Impact A vulnerability has been identified which enables Standard users or above to elevate their permissions to Administrator in the local cluster. The local cluster means the cluster where Rancher is installed. It is named local inside the list of clusters in the Rancher UI. Standard users coul...

9.9CVSS8.7AI score0.00715EPSS
Exploits0References6
OSV
OSV
added 2023/06/06 1:59 a.m.21 views

GHSA-8VHC-HWHC-CPJ4 Rancher users retain access after moving namespaces into projects they don't have access to

Impact A vulnerability was identified in which users with update privileges on a namespace, can move that namespace into a project they don't have access to. After the namespace transfer is completed, their previous permissions are still preserved, which enables them to gain access to...

8.8CVSS8.8AI score0.01026EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/04/24 10:34 p.m.49 views

Rancher Webhook is misconfigured during upgrade process

Impact A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. When the Webhook is operating in a degraded state, it no...

9.9CVSS8.9AI score0.00779EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/25 7:40 p.m.30 views

Command injection in Git package in Wrangler

Impact A command injection vulnerability was discovered in Wrangler's Git package affecting versions up to and including v1.0.0. Wrangler's Git package uses the underlying Git binary present in the host OS or container image to execute Git operations. Specially crafted commands can be passed to...

9.8CVSS9.7AI score0.03759EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2023/01/25 7:40 p.m.65 views

GHSA-QRG7-HFX7-95C5 Command injection in Git package in Wrangler

Impact A command injection vulnerability was discovered in Wrangler's Git package affecting versions up to and including v1.0.0. Wrangler's Git package uses the underlying Git binary present in the host OS or container image to execute Git operations. Specially crafted commands can be passed to...

7.5CVSS9.1AI score0.03759EPSS
Exploits0References12
OSV
OSV
added 2023/01/25 7:40 p.m.42 views

GHSA-8FCJ-GF77-47MG Denial of service (DoS) when processing Git credentials

Impact A denial of services DoS vulnerability was discovered in Wrangler Git package affecting versions up to and including v1.0.0. Specially crafted Git credentials can result in a denial of service DoS attack on an application that uses Wrangler due to the exhaustion of the available memory and...

5.9CVSS6.5AI score0.00684EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2023/01/25 7:38 p.m.26 views

Rancher generated tokens not revoked after modifications made to authentication provider

Impact This issue affects Rancher versions from 2.5.0 up to and including 2.5.16, from 2.6.0 up to and including 2.6.9 and 2.7.0. It only affects Rancher setups that have an external authentication provider configured or had one configured in the past. It was discovered that when an external...

1AI score
Exploits0References2Affected Software1
OSV
OSV
added 2023/01/25 7:36 p.m.65 views

GHSA-34P5-JP77-FCRC Command injection in Rancher Git package

Impact An issue was discovered in Rancher from versions 2.5.0 up to and including 2.5.16, 2.6.0 up to and including 2.6.9 and 2.7.0, where a command injection vulnerability is present in the Rancher Git package. This package uses the underlying Git binary available in the Rancher container image ...

6.8CVSS7.1AI score0.00981EPSS
Exploits0References4
Rows per page
Query Builder