VYPR

Rancher

by Rancher

CVEs (28)

  • CVE-2024-58269 | Med | Oct 29, 2025
    risk 0.21 | cvss 4.3 | epss 0.00

    A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.

  • CVE-2023-32199 | Med | Oct 29, 2025
    risk 0.21 | cvss 4.3 | epss 0.00

    A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule…

  • CVE-2020-10676 | Dec 12, 2023
    risk 0.00 | cvss | epss 0.01

    In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.

  • CVE-2021-31999 | Jul 15, 2021
    risk 0.00 | cvss | epss 0.01

    A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as other users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher…

  • CVE-2021-25320 | Jul 15, 2021
    risk 0.00 | cvss | epss 0.01

    An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks. This issue affects: Rancher…

  • CVE-2021-25318 | Jul 15, 2021
    risk 0.00 | cvss | epss 0.01

    An Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.

  • CVE-2019-6287 | Apr 10, 2019
    risk 0.00 | cvss | epss 0.01

    In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.

  • CVE-2018-20321 | Apr 10, 2019
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated…
