Upstream information
Description
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve the plaintext version of sensitive data. This issue affects SUSE Rancher: Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
Upstream Security Advisories:
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
| | National Vulnerability Database | SUSE |
|---|---|---|
| Base Score | 9.9 | 9.9 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| User Interaction | None | None |
| Scope | Changed | Changed |
| Confidentiality Impact | High | High |
| Integrity Impact | High | High |
| Availability Impact | High | High |
| CVSSv3 Version | 3.1 | 3.1 |
SUSE Security Advisories:
- GHSA-8c69-r38j-rpfj, published Wed Jan 25 04:42:13 CET 2023
- GHSA-cq4p-vp5q-4522, published Wed Jan 25 04:42:12 CET 2023
- GHSA-g7j7-h4q8-8w2f, published Fri Aug 19 06:51:46 CEST 2022
- TID000020910, published Thu Jan 5 14:44:50 CET 2023
SUSE Timeline for this CVE
- CVE page created: Wed Dec 22 10:45:13 2021
- CVE page last modified: Wed Jan 25 10:32:12 2023