Skip to main content

Rancher CVE-2017-7297

HIGH
2017-03-29 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 29, 2017 - 00:59 cve.org
HIGH 8.8

DescriptionCVE.org

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.

AnalysisAI

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3. Affected products include: Suse Rancher.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-31247 CRITICAL POC
9.1 Sep 07

An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role

CVE-2022-21951 MEDIUM POC
6.8 May 25

A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network

CVE-2023-22651 CRITICAL
9.9 May 04

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. Rated critical severity (CVSS 9

CVE-2021-25320 CRITICAL
9.9 Jul 15

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by cr

CVE-2019-11202 CRITICAL
9.8 Jul 30

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, a

CVE-2026-44939 CRITICAL
9.4 Jun 19

{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no

CVE-2026-44946 CRITICAL
9.5 Jun 30

SAML assertion replay in Rancher's Assertion Consumer Service (ACS) handler lets a person-in-the-middle who captures a v

CVE-2026-41052 CRITICAL
9.4 Jun 29

Privilege escalation in SUSE Rancher (Kubernetes management platform) allows a user holding the Project Owner role to im

CVE-2026-41053 HIGH
8.8 Jun 30

Privilege escalation in Rancher 2.13 (before 2.13.6) and 2.14 (before 2.14.2) lets any authenticated user gain principal

CVE-2023-22648 HIGH
8.8 Jun 01

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected

CVE-2021-31999 HIGH
8.8 Jul 15

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as oth

CVE-2021-25318 HIGH
8.8 Jul 15

A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify r

Share

CVE-2017-7297 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy