Lucene search

GoogleOSV:CVE-2020-10676

HistoryDec 12, 2023 - 5:15 p.m.

CVE-2020-10676

2023-12-1217:15:07

Google

osv.dev

rancher 2.x

authorization check

vulnerability

namespace

project

software

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.7%

JSON

In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.

CPENameOperatorVersion
ranchereq2.7.2
ranchereq2.7.0-novkdm
ranchereq2.7.2-rc6
ranchereq2.7.2-rc4
ranchereq2.7.2-rc5
ranchereq2.7.3
ranchereq2.7.3-rc1
ranchereq2.7.0
ranchereq2.7.3-rc2
ranchereq2.7.2-rc7

Name	Operator	Version
rancher	eq	2.7.2
rancher	eq	2.7.0-novkdm
rancher	eq	2.7.2-rc6
rancher	eq	2.7.2-rc4
rancher	eq	2.7.2-rc5
rancher	eq	2.7.3
rancher	eq	2.7.3-rc1
rancher	eq	2.7.0
rancher	eq	2.7.3-rc2
rancher	eq	2.7.2-rc7

Rows per page:

1-10 of 171

References

forums.rancher.com/c/announcements

github.com/advisories/GHSA-8vhc-hwhc-cpj4

github.com/rancher/rancher/releases/tag/v2.6.13

github.com/rancher/rancher/releases/tag/v2.7.4

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.7%

JSON

Related for OSV:CVE-2020-10676