CVE-2021-36783

EPSS 0.48%
Veröffentlicht 07.09.2022 09:15:08
Zuletzt bearbeitet 21.11.2024 06:14:05
Quelle meissner@suse.de
CVE-Watchlists
Login
Unerledigt
Login

Rancher: Failure to properly sanitize credentials in cluster template answers

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Suse ≫ Rancher Version >= 2.5.0 < 2.5.13

Suse ≫ Rancher Version >= 2.6.0 < 2.6.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.641

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
meissner@suse.de	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://bugzilla.suse.com/show_bug.cgi?id=1193990

Vendor Advisory

Issue Tracking

https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-36783

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-36783

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-36783

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-36783