
Rancher — Vulnerabilities & Security Advisories 52

All 52 CVE vulnerabilities found in Rancher, with AI-generated Chinese analysis, references, and POCs.

Vendor: SUSE

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-21953 | Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster | CWE-862 | 7.4 | High | 2023-02-07 |
| CVE-2022-43759 | Rancher: Privilege escalation via promoted roles | CWE-269 | 7.2 | High | 2023-02-07 |
| CVE-2022-43758 | Rancher: Command injection in Git package | CWE-78 | 7.6 | High | 2023-02-07 |
| CVE-2022-43757 | Rancher: Exposure of sensitive fields | CWE-312 | 9.9 | Critical | 2023-02-07 |
| CVE-2022-43756 | Rancher/Wrangler: Denial of service when processing Git credentials | CWE-74 | 5.9 | Medium | 2023-02-07 |
| CVE-2022-43755 | Rancher: Non-random authentication token | CWE-331 | 7.1 | High | 2023-02-07 |
| CVE-2022-31249 | [RANCHER] OS command injection in Rancher and Fleet | CWE-78 | 7.5 | High | 2023-02-07 |
| CVE-2022-31247 | Rancher: Downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB) | CWE-285 | 9.1 | Critical | 2022-09-07 |
| CVE-2021-36783 | Rancher: Failure to properly sanitize credentials in cluster template answers | CWE-522 | 9.9 | Critical | 2022-09-07 |
| CVE-2021-36782 | Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object | CWE-312 | 9.9 | Critical | 2022-09-07 |
| CVE-2022-21951 | Rancher: Weave CNI password is not set if RKE template is used with CNI value overridden | CWE-319 | 6.8 | Medium | 2022-05-25 |
| CVE-2021-4200 | Write access to the Catalog for any user when restricted-admin role is enabled | CWE-269 | 5.4 | Medium | 2022-05-02 |
| CVE-2021-36784 | Privilege escalation for users with create/update permissions in Global Roles | CWE-269 | 7.2 | High | 2022-05-02 |
| CVE-2021-36778 | Exposure of repository credentials to external third-party sources | CWE-863 | 7.3 | High | 2022-05-02 |
| CVE-2021-36776 | Steve API proxy impersonation | CWE-284 | 8.8 | High | 2022-04-01 |
| CVE-2021-36775 | Deleting PRTBs associated to a group doesn't cause deletion of corresponding RoleBindings | CWE-284 | 8.8 | High | 2022-04-01 |
| CVE-2022-21947 | rancher desktop: Dashboard API is network accessible | CWE-668 | 8.3 | High | 2022-04-01 |
| CVE-2021-32001 | K3s/RKE2 bootstrap data is encrypted with empty string if user does not supply a token | CWE-311 | 6.5 | Medium | 2021-07-28 |
| CVE-2021-31999 | Rancher: Privilege escalation vulnerability via malicious Connection header | CWE-807 | 8.8 | High | 2021-07-15 |
| CVE-2021-25320 | Rancher: Cloud credentials can be used through proxy API by users without access | CWE-284 | 9.9 | Critical | 2021-07-15 |
| CVE-2021-25318 | rancher: API group not properly specified when creating Kubernetes RBAC resources | CWE-732 | 8.8 | High | 2021-07-15 |
| CVE-2021-25313 | Rancher: XSS on /v3/cluster/ | CWE-79 | 7.1 | High | 2021-03-05 |

All 52 known CVE vulnerabilities affecting Rancher with full Chinese analysis, references, and POCs where available.