| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2022-21951 | Rancher: Weave CNI password is not set if RKE template is used with CNI value overridden | SUSE | Rancher | Medium | 6.8 | 2022-05-25 08:15:22 |
| CVE-2021-4200 | Write access to the Catalog for any user when restricted-admin role is enabled | SUSE | Rancher | Medium | 5.4 | 2022-05-02 07:05:16 |
| CVE-2021-36784 | Privilege escalation for users with create/update permissions in Global Roles | SUSE | Rancher | High | 7.2 | 2022-05-02 07:05:14 |
| CVE-2021-36778 | Exposure of repository credentials to external third-party sources | SUSE | Rancher | High | 7.3 | 2022-05-02 07:05:13 |
| CVE-2021-36776 | Steve API proxy impersonation | SUSE | Rancher | High | 8.8 | 2022-04-01 07:40:13 |
| CVE-2021-36775 | Deleting PRTBs associated to a group doesn't cause deletion of corresponding RoleBindings | SUSE | Rancher | High | 8.8 | 2022-04-01 07:40:12 |
| CVE-2022-21947 | rancher desktop: Dashboard API is network accessible | SUSE | Rancher | High | 8.3 | 2022-04-01 06:40:10 |
| CVE-2021-32001 | K3s/RKE2 bootstrap data is encrypted with empty string if user does not supply a token | SUSE | Rancher | Medium | 6.5 | 2021-07-28 09:25:11 |
| CVE-2021-31999 | Rancher: Privilege escalation vulnerability via malicious Connection header | Rancher | Rancher | High | 8.8 | 2021-07-15 08:55:19 |
| CVE-2021-25320 | Rancher: Cloud credentials can be used through proxy API by users without access | Rancher | Rancher | Critical | 9.9 | 2021-07-15 08:55:17 |
| CVE-2021-25318 | rancher: API group not properly specified when creating Kubernetes RBAC resources | Rancher | Rancher | High | 8.8 | 2021-07-15 08:55:16 |
| CVE-2021-25313 | Rancher: XSS on /v3/cluster/ | SUSE | Rancher | High | 7.1 | 2021-03-05 08:35:19 |