CVE-2021-36783

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*

History

23 Mar 2023, 17:20

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 9.9

09 Nov 2022, 14:15

Type Values Removed Values Added
Summary A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13. A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.
CWE CWE-312 CWE-522

13 Sep 2022, 16:46

Type Values Removed Values Added
CPE cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1193990 - (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1193990 - Issue Tracking, Vendor Advisory
References (CONFIRM) https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8 - (CONFIRM) https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8 - Third Party Advisory
CWE CWE-200 CWE-312

07 Sep 2022, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-07 09:15

Updated : 2024-02-04 22:51


NVD link : CVE-2021-36783

Mitre link : CVE-2021-36783

CVE.ORG link : CVE-2021-36783


JSON object : View

Products Affected

suse

  • rancher
CWE
CWE-522

Insufficiently Protected Credentials