Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rancher: Privilege escalation vulnerability via malicious Connection header
Vulnerability Description
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在安全决策中依赖未经信任的输入
Vulnerability Title
Rancher Labs Rancher 安全漏洞
Vulnerability Description
Rancher Labs Rancher是美国Rancher Labs公司的一套开源的企业级容器管理平台。 Rancher Labs Rancher 存在安全漏洞,该漏洞源于在Rancher的安全决策漏洞中依赖不可信的输入。攻击者可利用该漏洞通过伪造“Impersonate-User”或“Impersonate-Group”头充当集群中的其他用户。
CVSS Information
N/A
Vulnerability Type
N/A