CVE-2021-36782 PoC — Rancher Labs Rancher 安全漏洞

Source

https://github.com/fe-ax/tf-cve-2021-36782

Associated Vulnerability

Title:Rancher Labs Rancher 安全漏洞 (CVE-2021-36782)
Description:Rancher Labs Rancher是美国Rancher Labs公司的一套开源的企业级容器管理平台。 Rancher for SUSE 2.5.0到2.5.15版本、2.6.0到2.6.6版本存在安全漏洞，该漏洞源于敏感信息明文存储，任何对 Kubernetes API 中的对象具有读取权限的人都可以检索这些敏感数据的明文版本。

Description

A Terraform module to launch Rancher 2.6.6 for blog article about CVE-2021-36782

Readme

# Demo Terraform module for CVE-2021-36782

This is a Terraform module to demo CVE-2021-36782.

## Quick start

 * Clone repository
 * Run `terraform init`
 * Copy `example.tfvars` to `yourown.tfvars`
 * Edit `yourown.tfvars`. You just need to add a digital ocean API token
 * Run `terraform apply -var-file yourown.tfvars`
 * Give it ~20 minutes

File Snapshot


 [4.0K]  /data/pocs/3835f7054b1caf1b60e2d8323d5a2c30f1108477
├── [ 578]  00-main.tf
├── [ 195]  01-cloud.tf
├── [ 378]  02-rke.tf
├── [ 905]  03-rancher.tf
├── [ 343]  example.tfvars
├── [4.0K]  modules
│   ├── [4.0K]  cloud
│   │   ├── [2.1K]  main.tf
│   │   ├── [ 220]  provision-docker.tftpl
│   │   └── [  56]  variables.tf
│   ├── [4.0K]  rancher
│   │   ├── [ 361]  certmanager.tf
│   │   ├── [ 502]  main.tf
│   │   ├── [1.1K]  rancher.tf
│   │   └── [  29]  variables.tf
│   ├── [4.0K]  rancher-extra
│   │   ├── [1.3K]  main.tf
│   │   ├── [ 330]  provision-docker-extra.tftpl
│   │   ├── [1.8K]  rancher.tf
│   │   └── [  84]  variables.tf
│   └── [4.0K]  rke
│       ├── [ 930]  main.tf
│       └── [ 124]  variables.tf
├── [ 346]  README.md
└── [ 636]  variables.tf

5 directories, 20 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!