github.com/rancher/rancher is vulnerable to Information Disclosure. The vulnerability exists because the library stores sensitive plaintext information directly on Kubernetes Cluster objects, which allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to gain sensitive information through the /v1/management.cattle.io.cluster and /v1/management.cattle.io.clustertemplaterevisions endpoints.
bugzilla.suse.com/show_bug.cgi?id=1205295
github.com/advisories/GHSA-cq4p-vp5q-4522
github.com/rancher/rancher/commit/025cb5f6011775c1c0b184e06ddaf33019a7bdb1
github.com/rancher/rancher/commit/04353bdc48f3f67a9777c3a7d339bc163b76e80d
github.com/rancher/rancher/commit/d6e3b6c552d47eb767ecc869641ab607e2973187
github.com/rancher/rancher/pull/40242
github.com/rancher/rancher/pull/40243
github.com/rancher/rancher/pull/40244