Rancher
CVE-2022-21951
MEDIUM
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.
AnalysisAI
A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-319. A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5. Affected products include: Suse Rancher. Version information: prior to 2.5.14.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. Rated critical severity (CVSS 9
A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by cr
An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, a
{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no
SAML assertion replay in Rancher's Assertion Consumer Service (ACS) handler lets a person-in-the-middle who captures a v
Privilege escalation in SUSE Rancher (Kubernetes management platform) allows a user holding the Project Owner role to im
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. Rated
Privilege escalation in Rancher 2.13 (before 2.13.6) and 2.14 (before 2.14.2) lets any authenticated user gain principal
A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as oth
A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify r
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today