github.com/rancher/rke is vulnerable to Sensitive Information Disclosure. The vulnerability exists due to insecure cluster state storage in a publicly accessible configmap called full-cluster-state
inside the kube-system namespace, which allows an attacker without administrative privileges to access sensitive cluster setup information if they gain to the RKE cluster.