Vulnerabilities > Suse > Rancher
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2023-22649 | Information Exposure Through Log Files vulnerability in Suse Rancher 2.7.0/2.7.1/2.7.4 A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. | 6.5 |
| 2023-12-12 | CVE-2020-10676 | Incorrect Authorization vulnerability in Suse Rancher In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project. | 8.8 |
| 2023-06-01 | CVE-2022-43760 | Cross-site Scripting vulnerability in Suse Rancher An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. | 8.4 |
| 2023-06-01 | CVE-2023-22647 | Privilege Defined With Unsafe Actions vulnerability in Suse Rancher An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. | 8.0 |
| 2023-06-01 | CVE-2023-22648 | Privilege Dropping / Lowering Errors vulnerability in Suse Rancher 2.6.10/2.7.0/2.7.1 A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. | 8.8 |
| 2023-05-04 | CVE-2023-22651 | Improper Privilege Management vulnerability in Suse Rancher Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. | 9.9 |
| 2023-02-07 | CVE-2022-21953 | Missing Authorization vulnerability in Suse Rancher A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | 8.8 |
| 2023-02-07 | CVE-2022-43755 | Insufficient Entropy vulnerability in Suse Rancher A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. | 9.8 |
| 2023-02-07 | CVE-2022-43757 | Cleartext Storage of Sensitive Information vulnerability in Suse Rancher A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. | 8.8 |
| 2023-02-07 | CVE-2022-43758 | OS Command Injection vulnerability in Suse Rancher A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | 6.8 |