CVE Vulnerability

CVE-2021-36782

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.

9.9 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1193988 Exploit Issue Tracking
https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f Exploit Mitigation
Configurations

Configuration 1

cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*
Information

Published : 2022-09-07 09:15

Updated : 2023-01-18 02:29

NVD link : CVE-2021-36782

Mitre link : CVE-2021-36782

Products Affected
No products.
CWE
CWE-312

Cleartext Storage of Sensitive Information