Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suse rancher vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-32001
K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, wit...
Suse Rancher Rke2 1.20.8
Suse Rancher Rke2 1.21.2
Suse Rancher Rke2 1.19.12
Suse Rancher K3s 1.20.8
Suse Rancher K3s 1.21.2
Suse Rancher K3s 1.19.12
NA
CVE-2023-32186
A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects RKE2: from 1.24.0 prior to 1.24.17+rke2r1, from v1.25.0 before v1.25.13+r...
Suse Rancher Rke2 1.28.1\\+rke2r1
Suse Rancher Rke2
668
VMScore
CVE-2019-11202
An issue exists that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 up to and including 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Ranche...
Suse Rancher
801
VMScore
CVE-2018-20321
An issue exists in Rancher 2 up to and including 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigat...
Suse Rancher
445
VMScore
CVE-2021-36778
A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions before 2.5.12; Rancher versions before 2.6.3.
Suse Rancher
NA
CVE-2021-36782
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Ranch...
Suse Rancher
1 Github repository
NA
CVE-2021-36783
A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue...
Suse Rancher
578
VMScore
CVE-2021-36784
A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions before 2.5.13; Rancher versions before 2.6.4.
Suse Rancher
490
VMScore
CVE-2021-4200
A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions before 2.5.13; Rancher versions before 2.6.4.
Suse Rancher
NA
CVE-2022-31247
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner per...
Suse Rancher
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »