CVE-2021-36783 CRITICAL

CVE-2021-36783: Rancher: Failure to properly sanitize credentials in cluster template answers

Vendor SUSE
Product Rancher
Weakness CWE-522 · Insufficiently protected credentials
Published September 7, 2022
Last update September 16, 2024

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects SUSE Rancher: Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.

Key dates

02 Disclosure timeline

September 7, 2022 CVE published
September 16, 2024 Record updated