A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
References
Link | Resource |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1193988 | Exploit Issue Tracking Mitigation Vendor Advisory |
https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f | Exploit Mitigation Third Party Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=1193988 | Exploit Issue Tracking Mitigation Vendor Advisory |
https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f | Exploit Mitigation Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.suse.com/show_bug.cgi?id=1193988 - Exploit, Issue Tracking, Mitigation, Vendor Advisory | |
References | () https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f - Exploit, Mitigation, Third Party Advisory |
Information
Published : 2022-09-07 09:15
Updated : 2024-11-21 06:14
NVD link : CVE-2021-36782
Mitre link : CVE-2021-36782
CVE.ORG link : CVE-2021-36782
JSON object : View
Products Affected
suse
- rancher
CWE
CWE-312
Cleartext Storage of Sensitive Information