Critical severity · NVD Advisory · Published Sep 7, 2022 · Updated Sep 17, 2024
Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object
CVE-2021-36782
Description
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve the plaintext version of sensitive data. This issue affects SUSE Rancher: Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/rancher/rancher (Go) | >= 2.5.0, < 2.5.16 | 2.5.16 |
| github.com/rancher/rancher (Go) | >= 2.6.0, < 2.6.7 | 2.6.7 |
References
- github.com/advisories/GHSA-g7j7-h4q8-8w2f (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-36782 (ghsa, ADVISORY)
- bugzilla.suse.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)
- github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f (ghsa, x_refsource_CONFIRM, WEB)