Vulnerabilities > Suse > Rancher > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2020-10676 | Incorrect Authorization vulnerability in Suse Rancher In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project. | 8.8 |
| 2023-06-01 | CVE-2022-43760 | Cross-site Scripting vulnerability in Suse Rancher An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. | 8.4 |
| 2023-06-01 | CVE-2023-22647 | Privilege Defined With Unsafe Actions vulnerability in Suse Rancher An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. | 8.0 |
| 2023-06-01 | CVE-2023-22648 | Privilege Dropping / Lowering Errors vulnerability in Suse Rancher 2.6.10/2.7.0/2.7.1 A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. | 8.8 |
| 2023-02-07 | CVE-2022-21953 | Missing Authorization vulnerability in Suse Rancher A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | 8.8 |
| 2023-02-07 | CVE-2022-43757 | Cleartext Storage of Sensitive Information vulnerability in Suse Rancher A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. | 8.8 |
| 2023-02-07 | CVE-2022-43759 | Improper Privilege Management vulnerability in Suse Rancher A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. | 8.8 |
| 2022-05-02 | CVE-2021-36778 | Incorrect Authorization vulnerability in Suse Rancher A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. | 7.5 |
| 2019-07-30 | CVE-2019-11202 | Improper Authentication vulnerability in Suse Rancher An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. | 7.5 |