Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
AnalysisAI
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3. Affected products include: Suse Rancher.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role
A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. Rated critical severity (CVSS 9
A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by cr
An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, a
{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no
SAML assertion replay in Rancher's Assertion Consumer Service (ACS) handler lets a person-in-the-middle who captures a v
Privilege escalation in SUSE Rancher (Kubernetes management platform) allows a user holding the Project Owner role to im
Privilege escalation in Rancher 2.13 (before 2.13.6) and 2.14 (before 2.14.2) lets any authenticated user gain principal
A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as oth
A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify r
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today