A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.
References
Link | Resource |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1193990 | Issue Tracking Vendor Advisory |
https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Mar 2023, 17:20
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.9 |
09 Nov 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13. | |
CWE | CWE-522 |
13 Sep 2022, 16:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1193990 - Issue Tracking, Vendor Advisory | |
References | (CONFIRM) https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8 - Third Party Advisory | |
CWE | CWE-312 |
07 Sep 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-07 09:15
Updated : 2024-02-04 22:51
NVD link : CVE-2021-36783
Mitre link : CVE-2021-36783
CVE.ORG link : CVE-2021-36783
JSON object : View
Products Affected
suse
- rancher
CWE
CWE-522
Insufficiently Protected Credentials