Page 4 of 18 results (0.008 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. En Rancher versión 2.0.0 hasta 2.1.5, los miembros del proyecto tienen acceso continuo para crear, actualizar, leer y eliminar namespaces en un proyecto después de que se hayan eliminado de él. • https://forums.rancher.com/c/announcements https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11 • CWE-269: Improper Privilege Management •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher. Se descubrió un problema en Rancher versión 2 hasta 2.1.5. • https://forums.rancher.com/c/announcements https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3. El servidor rancher en Rancher Labs 1.2.0+ es vulnerable a usuarios autenticados deshabilitando el control de acceso a través de la llamada a una API. Esto está solucionado en las versiones rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3 y rancher/server:v1.5.3. • http://www.securityfocus.com/bid/97180 https://github.com/rancher/rancher/issues/8296 •