github.com/rancher/rancher is vulnerable to information disclosure. The vulnerability exists because credentials in cluster template answers are not sanitized in cluster_store.go, leading to plaintext storage and exposure of credentials, passwords and API tokens.
bugzilla.suse.com/show_bug.cgi?id=1193990
github.com/rancher/rancher/commit/63f1bc566f97edfb9a54c6163254927a6537fb76
github.com/rancher/rancher/commit/87776848094241456860f127da17a032089263ba
github.com/rancher/rancher/pull/36578
github.com/rancher/rancher/pull/36580
github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8