CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36776 – Steve API proxy impersonation
https://notcve.org/view.php?id=CVE-2021-36776
01 Apr 2022 — A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10. Una vulnerabilidad de Control de Acceso Inapropiado en SUSE Rancher permite a atacantes remotos suplantar a usuarios arbitrarios. Este problema afecta a: SUSE Rancher versiones anteriores a 2.5.10 • https://bugzilla.suse.com/show_bug.cgi?id=1189413 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36775 – Deleting PRTBs associated to a group doesn't cause deletion of corresponding RoleBindings
https://notcve.org/view.php?id=CVE-2021-36775
01 Apr 2022 — a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. Una vulnerabilidad de Control de Acceso Inapropiado en SUSE Rancher permite a usuarios mantener privilegios que deberían haber sido revocados. Este problema afecta a: SUSE Rancher versiones anteriores a 2.4.18; versiones de Rancher anteriores a 2.5.12; versio... • https://bugzilla.suse.com/show_bug.cgi?id=1189120 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31999 – Rancher: Privilege escalation vulnerability via malicious Connection header
https://notcve.org/view.php?id=CVE-2021-31999
15 Jul 2021 — A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16. Una vulnerabilidad de Dependencia de Datos no Confiables en una Decisión de Seguridad en Rancher permite a usuarios del cluster actuar como otros usuarios del cluster al falsificar los encabezados "Impersonate-User... • https://bugzilla.suse.com/show_bug.cgi?id=1187084 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25320 – Rancher: Cloud credentials can be used through proxy API by users without access
https://notcve.org/view.php?id=CVE-2021-25320
15 Jul 2021 — A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16. Una vulnerabilidad de Control de Acceso Inapropiado en Rancher, permite a usuarios del cluster hacer peticiones a los proveedores de la nube al crear peticiones con el ID de la... • https://bugzilla.suse.com/show_bug.cgi?id=1185514 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25318 – rancher: API group not properly specified when creating Kubernetes RBAC resources
https://notcve.org/view.php?id=CVE-2021-25318
15 Jul 2021 — A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9 ; Rancher versions prior to 2.4.16. Una vulnerabilidad de Asignación Incorrecta de Permisos para Recursos Críticos en Rancher permite a usuarios del clúster modificar recursos a los que no deberían tener acceso. Este problema afecta a: Rancher versiones anteriores a 2.5.9; Rancher versiones anterio... • https://bugzilla.suse.com/show_bug.cgi?id=1184913 • CWE-732: Incorrect Permission Assignment for Critical Resource •