CVE-2021-36782

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-36782
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36782.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-36782
Aliases
Related
Published
2022-09-07T09:15:08Z
Modified
2025-02-19T03:19:40.528949Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.

References

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type
GIT
Repo
https://github.com/rancher/rancher
Events
Introduced
65f3525cdc1167872af4140d45f3153698450c52
Fixed
3f4e21bca44391b582601799de34075729c19783

Affected versions

v2.*

v2.5.0
v2.5.0-rc9
v2.5.1
v2.5.1-rc1
v2.5.10
v2.5.10-rc1
v2.5.10-rc2
v2.5.10-rc3
v2.5.10-rc4
v2.5.10-rc5
v2.5.10-rc6
v2.5.10-rc7
v2.5.12
v2.5.12-rc1
v2.5.12-rc2
v2.5.12-rc3
v2.5.12-rc4
v2.5.12-rc5
v2.5.12-rc6
v2.5.12-rc7
v2.5.12-rc8
v2.5.13
v2.5.13-rc1
v2.5.13-rc2
v2.5.13-rc3
v2.5.13-rc4
v2.5.14
v2.5.14-rc1
v2.5.14-rc2
v2.5.16-rc1
v2.5.16-rc2
v2.5.16-rc3
v2.5.2
v2.5.2-rc
v2.5.2-rc1
v2.5.2-rc10
v2.5.2-rc2
v2.5.2-rc3
v2.5.2-rc4
v2.5.2-rc5
v2.5.2-rc6
v2.5.2-rc7
v2.5.2-rc8
v2.5.2-rc9
v2.5.4
v2.5.4-rc1
v2.5.4-rc2
v2.5.4-rc3
v2.5.4-rc4
v2.5.4-rc5
v2.5.4-rc6
v2.5.4-rc7
v2.5.4-rc8
v2.5.4-rc9
v2.5.6
v2.5.6-rc1
v2.5.6-rc2
v2.5.6-rc3
v2.5.6-rc4
v2.5.6-rc5
v2.5.6-rc6
v2.5.6-rc7
v2.5.6-rc8
v2.5.6-rc9
v2.5.8
v2.5.8-rc10
v2.5.8-rc11
v2.5.8-rc12
v2.5.8-rc13
v2.5.8-rc14
v2.5.8-rc15
v2.5.8-rc16
v2.5.8-rc17
v2.5.8-rc18
v2.5.8-rc19
v2.5.8-rc2
v2.5.8-rc20
v2.5.8-rc21
v2.5.8-rc3
v2.5.8-rc4
v2.5.8-rc5
v2.5.8-rc6
v2.5.8-rc7
v2.5.8-rc8
v2.5.8-rc9