CVE-2021-36782: Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object
First published: Wed Sep 07 2022(Updated: )
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Rancher | >=2.5.0<2.5.16 | |
| SUSE Rancher | >=2.6.0<2.6.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-36782?
The severity of CVE-2021-36782 is critical, with a severity value of 9.9.
How does CVE-2021-36782 affect SUSE Rancher?
CVE-2021-36782 affects SUSE Rancher versions 2.5.0 to 2.5.16 and 2.6.0 to 2.6.7.
Who does CVE-2021-36782 affect?
CVE-2021-36782 affects authenticated Cluster Owners, Cluster Members, Project Owners, Project Members, and User Base of SUSE Rancher.
What is the vulnerability in CVE-2021-36782?
CVE-2021-36782 is a Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher.
How can the plaintext version of sensitive data be retrieved in CVE-2021-36782?
Authenticated users can use the Kubernetes API to retrieve the plaintext version of sensitive data in CVE-2021-36782.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/tags
- vendor/suse
- canonical/suse rancher
- version/suse rancher/2.5.0
- version/suse rancher/2.6.0