Upstream information
Description
A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.Upstream Security Advisories:
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
| National Vulnerability Database | SUSE | |
|---|---|---|
| Base Score | 9.9 | 9.9 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| User Interaction | None | None |
| Scope | Changed | Changed |
| Confidentiality Impact | High | High |
| Integrity Impact | High | High |
| Availability Impact | High | High |
| CVSSv3 Version | 3.1 | 3.1 |
SUSE Security Advisories:
- GHSA-8w87-58w6-hfv8, published Fri Aug 19 06:51:47 CEST 2022
SUSE Timeline for this CVE
CVE page created: Wed Dec 22 10:45:14 2021CVE page last modified: Thu Mar 23 21:52:16 2023