High severity · NVD Advisory · Published May 2, 2022 · Updated Sep 16, 2024
Write access to the Catalog for any user when restricted-admin role is enabled
CVE-2021-4200
Description
An Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when the restricted-admin role is enabled. This issue affects SUSE Rancher versions prior to 2.5.13 and Rancher versions prior to 2.6.4.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/rancher/rancher (Go) | >= 2.6.0, < 2.6.4 | 2.6.4 |
| github.com/rancher/rancher (Go) | >= 2.5.0, < 2.5.13 | 2.5.13 |
References
- github.com/advisories/GHSA-hx8w-ghh8-r4xf (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-4200 (ghsa, ADVISORY)
- github.com/rancher/rancher (ghsa, PACKAGE)
- bugzilla.suse.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)
- github.com/rancher/rancher/security/advisories/GHSA-hx8w-ghh8-r4xf (ghsa, WEB)
- rancher.com/docs/rancher/v2.6/en/admin-settings/rbac/global-permissions/ (ghsa, WEB)