CVE-2019-6287 — Improper Privilege Management in Rancher Rancher

CWE-269 — Improper Privilege Management5 documents4 sources

Severity

8.1HIGHNVD

EPSS

0.2%

top 61.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Rancher Rancher Suse Rancher

Timeline

PublishedApr 10

Latest updateJun 5

Description

In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶Gogithub.com/rancher_rancher2.0.0+incompatible — 2.1.6+incompatible+1

▶NVDsuse/rancher2.0.0 — 2.1.5

🔴Vulnerability Details

OSV

Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher↗2024-06-05

▶

OSV

Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them↗2022-05-13

▶

GHSA

Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them↗2022-05-13

▶

CVEList

CVE-2019-6287: In Rancher 2↗2019-04-10

▶