Vulnerabilities > CVE-2021-32001 - Unspecified vulnerability in Suse Rancher K3S and Rancher Rke2

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

suse

NVD

Published: 2021-07-28

Updated: 2022-11-14

Summary

K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without having to know the token value. This issue affects: SUSE Rancher K3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions; RKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions.

Vulnerable Configurations

Part	Description	Count
Application	Suse Suse Rancher Rke2 1.20.8 Suse Rancher Rke2 1.21.2 Suse Rancher Rke2 1.19.12 Suse Rancher K3S 1.20.8 Suse Rancher K3S 1.21.2 Suse Rancher K3S 1.19.12	6

References

https://bugzilla.suse.com/show_bug.cgi?id=1188453