CVE-2017-7297
- Source
- https://cve.org/CVERecord?id=CVE-2017-7297
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7297.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-7297
- Aliases
- Published
- 2017-03-29T00:59:00.167Z
- Modified
- 2026-03-10T14:28:26.481585Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
- References
Affected packages
Git / github.com/rancher/rancher
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rancher/rancher
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "1.2.0" }, { "fixed": "1.2.4" }, { "introduced": "1.3.0" }, { "fixed": "1.3.5" }, { "introduced": "1.4.0" }, { "fixed": "1.4.3" }, { "introduced": "1.5.0" }, { "fixed": "1.5.3" } ] }
Affected versions
agent-base-v0.*
agent-base-v0.3.0
agent-v1.*
agent-v1.1.1
agent-v1.1.1-rc1
agent-v1.1.2
agent-v1.1.3
agent-v1.2.0
agent-v1.2.0-rc1
agent-v1.2.0-rc2
v1.*
v1.2.0
v1.2.0-1
v1.2.0.1-rc1
v1.2.1
v1.2.1-rc1
v1.2.1-rc2
v1.2.1-rc3
v1.2.1-rc4
v1.2.2
v1.2.2-rc1
v1.2.2-rc2
v1.2.2-rc3
v1.2.2-rc4
v1.2.3
v1.2.3-rc1
v1.2.3-rc2
v1.2.4-rc1
v1.2.4-rc2
v1.3.0
v1.3.0-rc1
v1.3.0-rc2
v1.3.0-rc3
v1.3.0-rc4
v1.3.0-rc5
v1.3.0-rc6
v1.3.1
v1.3.1-rc1
v1.3.1-rc2
v1.3.1-rc3
v1.3.1-rc4
v1.3.2
v1.3.2-rc1
v1.3.2-rc2
v1.3.3
v1.3.3-rc1
v1.3.4
v1.3.4-rc1
v1.3.5-rc1
v1.4.0
v1.4.0-rc1
v1.4.0-rc2
v1.4.0-rc3
v1.4.0-rc4
v1.4.0-rc5
v1.4.0-rc6
v1.4.0-rc7
v1.4.0-rc8
v1.4.0-rc9
v1.4.1
v1.4.1-rc1
v1.4.1-rc2
v1.4.2
v1.4.2-rc1
v1.4.2-rc2
v1.4.2-try1
v1.4.3-rc1