Steve API proxy impersonation
Description
Improper access control in SUSE Rancher's Steve API proxy allows remote attackers to impersonate arbitrary users, affecting versions prior to 2.5.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper access control in SUSE Rancher's Steve API proxy allows remote attackers to impersonate arbitrary users, affecting versions prior to 2.5.10.
Vulnerability
The vulnerability is an improper access control issue in SUSE Rancher's Steve API proxy. It allows remote attackers to impersonate arbitrary users. The issue affects SUSE Rancher versions prior to 2.5.10 [1][2].
Exploitation
An attacker can exploit this by sending crafted requests to the Steve API proxy without requiring authentication or special privileges, as the access control is improperly implemented. No user interaction is needed [1].
Impact
Successful exploitation enables the attacker to impersonate any user, gaining unauthorized access to the victim's permissions and actions within the Rancher management platform. This could lead to full compromise of the Kubernetes cluster [1][2].
Mitigation
The fix is included in Rancher version 2.5.10 and later. Users should upgrade to at least this version. No workarounds are mentioned in the available references [1][2][3].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/rancher/rancherGo | >= 2.5.0, < 2.5.10 | 2.5.10 |
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-gvh9-xgrq-r8hwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-36776ghsaADVISORY
- bugzilla.suse.com/show_bug.cgighsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.