Vulnerabilities > Suse > Rancher
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-10 | CVE-2019-11881 | Unspecified vulnerability in Suse Rancher 2.1.4 A vulnerability exists in Rancher 2.1.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. network suse | 4.3 |
| 2019-06-06 | CVE-2019-12303 | Injection vulnerability in Suse Rancher In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container. | 6.5 |
| 2019-06-06 | CVE-2019-12274 | Missing Authorization vulnerability in Suse Rancher In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. | 4.0 |
| 2019-04-10 | CVE-2019-6287 | Improper Privilege Management vulnerability in Suse Rancher In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. | 6.5 |
| 2019-04-10 | CVE-2018-20321 | Exposure of Resource to Wrong Sphere vulnerability in Suse Rancher An issue was discovered in Rancher 2 through 2.1.5. | 9.0 |
| 2017-03-29 | CVE-2017-7297 | Unspecified vulnerability in Suse Rancher Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. | 6.5 |