Lucene search
Veracode Vulnerability DatabaseVERACODE:37304HistorySep 27, 2022 - 4:10 p.m.
Information Disclosure
2022-09-2716:10:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
rancher
information disclosure
plaintext
passwords
kubernetes api
0.066 Low
EPSS
Percentile
93.8%
Rancher is vulnerable to information disclosure. Confidential information such as passwords and API keys are stored in kubernetes objects using plaintext which allows an attacker with read permission to retrieve plaintext passwords using the Kubernetes API.
References
Related
osv
osv
CVE-2021-36782
2022-09-07 09:15:08
Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials
2022-09-23 18:11:28
Rancher cattle-token is predictable
2023-01-25 19:31:08
githubexploit
githubexploit
Exploit for Cleartext Storage of Sensitive Information in Suse Rancher
2022-12-01 19:30:27
nvd
nvd
CVE-2021-36782
2022-09-07 09:15:08
github
github
cvelist
cvelist
prion
prion
Information disclosure
2022-09-07 09:15:00
cve
cve
CVE-2021-36782
2022-09-07 09:15:08
metasploit
metasploit
Rancher Authenticated API Credential Exposure
2024-03-12 20:24:38
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 04/26/24
2024-04-26 19:49:58