Skip to main content

Rancher CVE-2021-25320

CRITICAL
Improper Access Control (CWE-284)
2021-07-15 meissner@suse.de
9.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 15, 2021 - 09:15 nvd
CRITICAL 9.9

DescriptionNVD

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.

AnalysisAI

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-284. A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16. Affected products include: Rancher. Version information: prior to 2.5.9.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-31247 CRITICAL POC
9.1 Sep 07

An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role

CVE-2022-21951 MEDIUM POC
6.8 May 25

A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network

CVE-2023-22651 CRITICAL
9.9 May 04

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. Rated critical severity (CVSS 9

CVE-2019-11202 CRITICAL
9.8 Jul 30

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, a

CVE-2026-44939 CRITICAL
9.4 Jun 19

{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no

CVE-2026-44946 CRITICAL
9.5 Jun 30

SAML assertion replay in Rancher's Assertion Consumer Service (ACS) handler lets a person-in-the-middle who captures a v

CVE-2026-41052 CRITICAL
9.4 Jun 29

Privilege escalation in SUSE Rancher (Kubernetes management platform) allows a user holding the Project Owner role to im

CVE-2017-7297 HIGH
8.8 Mar 29

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. Rated

CVE-2026-41053 HIGH
8.8 Jun 30

Privilege escalation in Rancher 2.13 (before 2.13.6) and 2.14 (before 2.14.2) lets any authenticated user gain principal

CVE-2023-22648 HIGH
8.8 Jun 01

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected

CVE-2021-31999 HIGH
8.8 Jul 15

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as oth

CVE-2021-25318 HIGH
8.8 Jul 15

A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify r

Share

CVE-2021-25320 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy