A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HRancher
APPRancher< 2.4.162.5.0 – 2.5.9 (bez)
Powiązane podatności
a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been ...
A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. T...
A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster t...
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to ...