📦 Rancher

by SUSE


🛡️ Security Overview


⚠️ Known Vulnerabilities

CVE-2023-22647

CRITICAL CVSS 9.9 Jun 1, 2023

CVE-2023-22647 is a vulnerability in SUSE Rancher that allows standard users with existing permissions to manipulate Kubernetes secrets in the local cluster, potentially gaining access to service account t...

CVE-2023-22651

CRITICAL CVSS 9.9 May 4, 2023

A privilege escalation vulnerability in SUSE Rancher allows attackers to bypass admission webhook security checks and gain elevated privileges in Kubernetes clusters. This only affects users who upgra...

CVE-2022-43757

CRITICAL CVSS 9.9 Feb 7, 2023

CVE-2022-43757 is a cleartext storage vulnerability in SUSE Rancher that allows users on managed clusters to access sensitive credentials stored without encryption. This affects Rancher administrators...

CVE-2020-10676

HIGH CVSS 8.8 Dec 12, 2023

This vulnerability in Rancher 2.x allows users with namespace access to move namespaces between projects without proper authorization. It affects Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4. This...

CVE-2022-43760

HIGH CVSS 8.4 Jun 1, 2023

This stored XSS vulnerability in SUSE Rancher allows authenticated users with write permissions to inject malicious scripts that execute in administrators' browsers when they view affected pages. Atta...

CVE-2022-21953

HIGH CVSS 7.4 Feb 7, 2023

CVE-2022-21953 is a missing authorization vulnerability in SUSE Rancher that allows authenticated users to create unauthorized shell pods and gain kubectl access in the local cluster. It affects ...

CVE-2022-43755

HIGH CVSS 7.1 Feb 7, 2023

CVE-2022-43755 is an insufficient entropy vulnerability in SUSE Rancher that allows attackers who have previously obtained a cattle-token to continue using it even after token renewal. This affects Ra...

CVE-2022-43759

HIGH CVSS 7.2 Feb 7, 2023

This vulnerability in SUSE Rancher allows authenticated users with 'escalate' permissions on PRTBs (Project Role Template Bindings) to escalate their privileges for any promoted resource across any cl...

CVE-2021-36784

HIGH CVSS 7.2 May 2, 2022

This vulnerability allows users with the restricted-admin role in SUSE Rancher to escalate their privileges to full administrator access. It affects SUSE Rancher versions before 2.5.13 and Rancher ver...