CVE-2021-36778: Exposure of repository credentials to external third-party sources
First published: Mon May 02 2022(Updated: )
A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Rancher | <2.5.12 | |
| SUSE Rancher | >=2.6.0<2.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this SUSE Rancher vulnerability?
The vulnerability ID is CVE-2021-36778.
What is the severity of CVE-2021-36778?
The severity of CVE-2021-36778 is high (7.5).
Which versions of SUSE Rancher are affected by CVE-2021-36778?
Versions prior to 2.5.12 and versions prior to 2.6.3 of SUSE Rancher are affected by CVE-2021-36778.
What is the impact of CVE-2021-36778?
CVE-2021-36778 allows administrators of third-party repositories to gather credentials that are sent to their servers.
Is there a fix available for CVE-2021-36778?
Yes, updating to version 2.5.12 or later for Rancher and version 2.6.3 or later for Rancher 2.6 is the recommended fix for CVE-2021-36778.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/title
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/suse
- canonical/suse rancher
- version/suse rancher/2.6.0