CVE-2021-36782
Summary
| CVE | CVE-2021-36782 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-09-07 09:15:00 UTC |
| Updated | 2023-01-18 14:29:00 UTC |
| Description | A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve a plaintext version of sensitive data. This issue affects SUSE Rancher: Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7. |
Risk And Classification
Problem Types: CWE-312
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug 1193988 – CVE-2021-36782: Rancher - Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object | CONFIRM | bugzilla.suse.com | |
| Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object · Advisory · rancher/rancher · GitHub | CONFIRM | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Florian Struck (from Continum AG) and Marco Stuurman (from Shock Media B.V.)
There are currently no legacy QID mappings associated with this CVE.