CVE-2021-36782

Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object

CVSS 9.9 CRITICALEPSS 2.9%CWE-312

In short

Rancher stores sensitive credentials in plain text where authenticated users can read them through the Kubernetes API. This means anyone with basic access to a Rancher cluster can retrieve passwords and secrets that should be protected.

Technical detail

CWE-312 vulnerability allows authenticated users (Cluster Owners, Members, Project Owners, Members, and base users) to retrieve plaintext sensitive data via Kubernetes API calls in Rancher versions before 2.5.16 and 2.6.7. Pre-conditions require valid authentication; impact includes exposure of all stored credentials and secrets.

Summary generated and translated by AI from the official description.

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

SUSE · Rancher

public PoCs found — 1

githubgithub.com/fe-ax/tf-cve-2021-36782★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.suse.com/show_bug.cgi?id=1193988 https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f