9.9

CVE-2021-36782

Exploit

EPSS 79.61%
Veröffentlicht 07.09.2022 09:15:08
Zuletzt bearbeitet 21.11.2024 06:14:05
Quelle meissner@suse.de
CVE-Watchlists
Login
Unerledigt
Login

Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Suse ≫ Rancher Version >= 2.5.0 < 2.5.16

Suse ≫ Rancher Version >= 2.6.0 < 2.6.7

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	79.61%	0.99

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
meissner@suse.de	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://bugzilla.suse.com/show_bug.cgi?id=1193988

Vendor Advisory

Exploit

Issue Tracking

Mitigation

https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f

Third Party Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2021-36782

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-36782

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-36782

EUVD