8.8
CVE-2026-41053
- EPSS 0.37%
- Veröffentlicht 30.06.2026 11:38:25
- Zuletzt bearbeitet 02.07.2026 19:57:44
- Quelle meissner@suse.de
- CVE-Watchlists
- Unerledigt
Over-inclusive team membership expansion in GitHub App authentication provider for Rancher
Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.289 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| meissner@suse.de | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-303 Incorrect Implementation of Authentication Algorithm
The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
https://github.com/rancher/rancher/security/advisories/GHSA-4j6x-2764-m8gh