GHSA-6r7x-4q7g-h83j

Suggest an improvement
Source
https://github.com/advisories/GHSA-6r7x-4q7g-h83j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6r7x-4q7g-h83j/GHSA-6r7x-4q7g-h83j.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6r7x-4q7g-h83j
Aliases
Published
2022-05-13T01:02:31Z
Modified
2024-06-05T16:43:09.131096Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
Details

In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.

References

Affected packages

Go / github.com/rancher/rancher

Package

Name
github.com/rancher/rancher
View open source insights on deps.dev
Purl
pkg:golang/github.com/rancher/rancher

Affected ranges

Type
SEMVER
Events
Introduced
2.0.0
Fixed
2.1.6

Database specific

{
    "last_known_affected_version_range": "<= 2.1.5"
}