Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rancher rancher vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv3
CVE-2022-21951
A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value...
Suse Rancher
6.5
CVSSv3
CVE-2021-32001
K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, wit...
Suse Rancher Rke2 1.20.8
Suse Rancher Rke2 1.21.2
Suse Rancher Rke2 1.19.12
Suse Rancher K3s 1.20.8
Suse Rancher K3s 1.21.2
Suse Rancher K3s 1.19.12
6.1
CVSSv3
CVE-2021-25313
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote malicious users to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions before 2.5.6.
Suse Rancher
6.1
CVSSv3
CVE-2019-13209
Rancher 2 up to and including 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by th...
Suse Rancher
5.4
CVSSv3
CVE-2021-4200
A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions before 2.5.13; Rancher versions before 2.6.4.
Suse Rancher
4.7
CVSSv3
CVE-2019-11881
A vulnerability exists in Rancher 2.1.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legit...
Suse Rancher 2.1.4
1 Github repository
2.5
CVSSv3
CVE-2023-32684
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templa...
Linuxfoundation Lima
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4