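When RKE provisions a cluster, it stores the cluster state in a ConfigMap named "full-cluster-state" in the "kube-system" namespace of the cluster itself. This cluster state object contains the information used to set up the Kubernetes cluster, which may include sensitive data. ConfigMaps are not designed to hold confidential values, so any principal permitted to read this ConfigMap can read that data without needing access to Secrets.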
{
"review_status": "REVIEWED",
"url": "https://pkg.go.dev/vuln/GO-2024-2930"
}{
"imports": [
{
"symbols": [
"GetSecret",
"GetSecretsList",
"GetSystemSecret",
"UpdateSecret"
],
"path": "github.com/rancher/rke/k8s"
},
{
"symbols": [
"Cluster.CheckClusterPorts",
"Cluster.CleanDeadLogs",
"Cluster.CleanupNodes",
"Cluster.ClusterRemove",
"Cluster.DeployControlPlane",
"Cluster.DeployRestoreCerts",
"Cluster.DeployStateFile",
"Cluster.DeployWorkerPlane",
"Cluster.DisableSecretsEncryption",
"Cluster.GetStateFileFromConfigMap",
"Cluster.PrePullK8sImages",
"Cluster.ReconcileDesiredStateEncryptionConfig",
"Cluster.RewriteSecrets",
"Cluster.RotateEncryptionKey",
"Cluster.RunSELinuxCheck",
"Cluster.SetUpHosts",
"Cluster.StoreAddonConfigMap",
"Cluster.SyncLabelsAndTaints",
"Cluster.TunnelHosts",
"Cluster.UpdateClusterCurrentState",
"Cluster.UpgradeControlPlane",
"Cluster.UpgradeWorkerPlane",
"ConfigureCluster",
"FullState.WriteStateFile",
"GetClusterCertsFromKubernetes",
"GetK8sVersion",
"GetStateFromKubernetes",
"ReadStateFile",
"RebuildKubeconfig",
"RebuildState",
"ReconcileCluster",
"ReconcileEncryptionProviderConfig",
"RestartClusterPods",
"SaveFullStateToKubernetes",
"buildFreshState"
],
"path": "github.com/rancher/rke/cluster"
},
{
"symbols": [
"ClusterInit",
"ClusterRemove",
"ClusterUp",
"RestoreEtcdSnapshot",
"RestoreEtcdSnapshotFromCli",
"RetrieveClusterStateConfigMap",
"RotateEncryptionKey",
"SnapshotRemoveFromEtcdHosts",
"SnapshotSaveEtcdHosts",
"SnapshotSaveEtcdHostsFromCli",
"getStateFile",
"saveClusterState"
],
"path": "github.com/rancher/rke/cmd"
}
]
}