CVE-2021-25318

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-25318

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25318.json

Aliases

GHSA-f9xf-jq4j-vqw4

Published

2021-07-15T09:15:07Z

Modified

2024-05-14T08:28:35.704546Z

Summary

[none]

Details

A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9 ; Rancher versions prior to 2.4.16.

References

https://bugzilla.suse.com/show_bug.cgi?id=1184913

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type: GIT
Repo: https://github.com/rancher/rancher
Events: Introduced

65f3525cdc1167872af4140d45f3153698450c52

Fixed

3c54189441fdac08fd4a1b3113216e085004f061

Affected versions

v2.*

v2.5.0

v2.5.0-rc9

v2.5.1

v2.5.1-rc1

v2.5.2

v2.5.2-rc

v2.5.2-rc1

v2.5.2-rc10

v2.5.2-rc2

v2.5.2-rc3

v2.5.2-rc4

v2.5.2-rc5

v2.5.2-rc6

v2.5.2-rc7

v2.5.2-rc8

v2.5.2-rc9

v2.5.4

v2.5.4-rc1

v2.5.4-rc2

v2.5.4-rc3

v2.5.4-rc4

v2.5.4-rc5

v2.5.4-rc6

v2.5.4-rc7

v2.5.4-rc8

v2.5.4-rc9

v2.5.6

v2.5.6-rc1

v2.5.6-rc2

v2.5.6-rc3

v2.5.6-rc4

v2.5.6-rc5

v2.5.6-rc6

v2.5.6-rc7

v2.5.6-rc8

v2.5.6-rc9

v2.5.8

v2.5.8-patch1

v2.5.8-rc10

v2.5.8-rc11

v2.5.8-rc12

v2.5.8-rc13

v2.5.8-rc14

v2.5.8-rc15

v2.5.8-rc16

v2.5.8-rc17

v2.5.8-rc18

v2.5.8-rc19

v2.5.8-rc2

v2.5.8-rc20

v2.5.8-rc21

v2.5.8-rc3

v2.5.8-rc4

v2.5.8-rc5

v2.5.8-rc6

v2.5.8-rc7

v2.5.8-rc8

v2.5.8-rc9

v2.5.9-rc1

v2.5.9-rc10

v2.5.9-rc11

v2.5.9-rc12

v2.5.9-rc13

v2.5.9-rc14

v2.5.9-rc15

v2.5.9-rc2

v2.5.9-rc3

v2.5.9-rc4

v2.5.9-rc5

v2.5.9-rc6

v2.5.9-rc7

v2.5.9-rc8

v2.5.9-rc9