Vulnerabilities > Suse > Rancher > 1.4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-02 | CVE-2021-36778 | Unspecified vulnerability in Suse Rancher A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. | 7.5 |
| 2022-05-02 | CVE-2021-36784 | Improper Privilege Management vulnerability in Suse Rancher A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. | 7.2 |
| 2022-05-02 | CVE-2021-4200 | Unspecified vulnerability in Suse Rancher A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. | 5.4 |
| 2021-03-05 | CVE-2021-25313 | Unspecified vulnerability in Suse Rancher A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. | 6.1 |
| 2019-06-06 | CVE-2019-12274 | Missing Authorization vulnerability in Suse Rancher In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. | 8.8 |
| 2017-03-29 | CVE-2017-7297 | Unspecified vulnerability in Suse Rancher Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. | 8.8 |