Lucene search
GoogleOSV:GHSA-GC62-J469-9GJMHistoryMay 24, 2022 - 4:47 p.m.
Rancher Privilege Escalation Vulnerability
2022-05-2416:47:29
Google
osv.dev
7
0.001 Low
EPSS
Percentile
42.8%
In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/rancher/rancher | lt | 1.6.27 | |
| github.com/rancher/rancher | lt | 2.2.4 | |
| github.com/rancher/rancher | ge | 2.0.0 |
Related
osv
osv
CVE-2019-12274
2019-06-06 16:29:01
Rancher code injection via fluentd config commands
2022-05-24 16:47:29
openvas
openvas
Rancher 2.x.x <= 2.2.3 RCE Vulnerability
2019-06-11 00:00:00
Rancher < 2.2.4 Multiple Vulnerabilities
2019-06-11 00:00:00
nessus
nessus
cve
cve
CVE-2019-12303
2019-06-06 16:29:01
CVE-2019-12274
2019-06-06 16:29:01
prion
prion
Code injection
2019-06-06 16:29:00
Design/Logic Flaw
2019-06-06 16:29:00
github
github
Rancher Privilege Escalation Vulnerability
2022-05-24 16:47:29
Rancher code injection via fluentd config commands
2022-05-24 16:47:29
cvelist
cvelist
CVE-2019-12274
2019-06-06 15:07:30
CVE-2019-12303
2019-06-06 15:02:39
nvd
nvd
CVE-2019-12274
2019-06-06 16:29:01
CVE-2019-12303
2019-06-06 16:29:01