Rancher Security Vulnerabilities and Issues — Rancher CVE List

Lucene search

SuseRancher

10 matches found

CVE•added 2024/10/16 8:15 a.m.•116 views

CVE-2023-22649

A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. Rancher Audit Logging is an opt-in feature, only deployments that have it enabled and have AUDIT_LEVEL set to 1 or above are impacted by this issue.

8.4CVSS7.2AI score0.317EPSS

CVE•added 2019/06/06 4:29 p.m.•105 views

CVE-2019-12274

In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/....

8.8CVSS8.5AI score0.00238EPSS

CVE•added 2019/06/06 4:29 p.m.•105 views

CVE-2019-12303

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.

8.8CVSS8.7AI score0.0048EPSS

CVE•added 2023/06/01 1:15 p.m.•86 views

CVE-2023-22648

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to userswhile they are logged in the Rancher UI. This would cause the users toretain their previous permissions in Rancher, even if they change groupson Azure AD, for example, to ...

8.8CVSS8.1AI score0.00132EPSS

CVE•added 2023/02/07 1:15 p.m.•65 views

CVE-2022-21953

A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

8.8CVSS7.8AI score0.00054EPSS

CVE•added 2023/06/01 1:15 p.m.•57 views

CVE-2022-43760

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that isexecuted within another user's browser, allowing the attacker to stealsensitive information, manipulate web co...

8.4CVSS8.2AI score0.00966EPSS

CVE•added 2023/02/07 1:15 p.m.•49 views

CVE-2022-43759

A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10.

8.8CVSS7.9AI score0.00054EPSS

CVE•added 2023/12/12 5:15 p.m.•48 views

CVE-2020-10676

In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.

8.8CVSS8.6AI score0.00112EPSS

CVE•added 2017/03/29 12:59 a.m.•45 views

CVE-2017-7297

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.

8.8CVSS8.4AI score0.00605EPSS

CVE•added 2019/04/10 3:29 p.m.•43 views

CVE-2019-6287

In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.

8.1CVSS8AI score0.00172EPSS