Rancher@2.7.0 Security Vulnerabilities and Issues — Rancher@2.7.0 CVE List

Lucene search

SuseRancher2.7.0

8 matches found

cve•added 2023/06/01 1:15 p.m.•87 views

CVE-2023-22648

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to userswhile they are logged in the Rancher UI. This would cause the users toretain their previous permissions in Rancher, even if they change groupson Azure AD, for example, to ...

8.8CVSS8.1AI score0.00132EPSS

cve•added 2023/02/07 1:15 p.m.•68 views

CVE-2022-43755

A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

9.8CVSS8.1AI score0.00099EPSS

cve•added 2023/02/07 1:15 p.m.•66 views

CVE-2022-21953

A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

8.8CVSS7.8AI score0.00044EPSS

cve•added 2023/02/07 1:15 p.m.•66 views

CVE-2022-43758

A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issu...

7.6CVSS7AI score0.00084EPSS

cve•added 2023/06/01 1:15 p.m.•62 views

CVE-2023-22647

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the localcluster, resulting in the secret being deleted, but their read-levelpermissions to the secret being preserved. When this operatio...

9.9CVSS8.4AI score0.00585EPSS

cve•added 2023/02/07 1:15 p.m.•60 views

CVE-2022-43757

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versi...

9.9CVSS9.1AI score0.00063EPSS

cve•added 2023/06/01 1:15 p.m.•59 views

CVE-2022-43760

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that isexecuted within another user's browser, allowing the attacker to stealsensitive information, manipulate web co...

8.4CVSS8.2AI score0.00966EPSS

cve•added 2023/12/12 5:15 p.m.•50 views

CVE-2020-10676

In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.

8.8CVSS8.6AI score0.00105EPSS