Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Rancher Labs Rancher 权限许可和访问控制问题漏洞
Vulnerability Description
Rancher Labs Rancher是美国Rancher Labs公司的一套开源的企业级容器管理平台。 Rancher Labs Rancher 2版本至2.1.5版本中存在权限许可和访问控制问题漏洞。该漏洞源于网络系统或产品缺乏有效的权限许可和访问控制措施。
CVSS Information
N/A
Vulnerability Type
N/A