Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rancher: Cloud credentials can be used through proxy API by users without access
Vulnerability Description
A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
Rancher Labs Rancher 安全漏洞
Vulnerability Description
Rancher Labs Rancher是美国Rancher Labs公司的一套开源的企业级容器管理平台。 Rancher 存在安全漏洞,该漏洞源于产品对于创建云凭证ID缺少有效的权限管理,攻击者可通过该漏洞创建云凭证ID访问云提供商。以下产品及版本受到影响:Rancher 2.5.9之前版本,Rancher 2.4.16之前版本。
CVSS Information
N/A
Vulnerability Type
N/A