Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-36783

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.

Published

2022-09-07T09:15:08.600

Last Modified

2024-11-21T06:14:05.463

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.9 (CRITICAL)

Weaknesses

Type: Secondary
CWE-522
Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	suse	rancher	< 2.5.13	Yes
Application	suse	rancher	< 2.6.4	Yes

References

https://bugzilla.suse.com/show_bug.cgi?id=1193990 Issue Tracking, Vendor Advisory ([email protected])
https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8 Third Party Advisory ([email protected])
https://bugzilla.suse.com/show_bug.cgi?id=1193990 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)