CVE-2019-6287
published 2019-04-10CVE-2019-6287: In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed…
PriorityP338high8.1CVSS 3.0
AVNACLPRLUINSUCHIHAN
EPSS
1.05%
59.9th percentile
In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.0.0 < 2.1.6 | 2.1.6 |
| github.com | rancher_rancher | >= 2.0.0+incompatible < 2.1.6+incompatible | 2.1.6+incompatible |
| suse | rancher | 2.0.0 – 2.1.5 | — |
CVSS provenance
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher
osv·2024-06-05
CVE-2019-6287 Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher
OSV
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
osv·2022-05-13
CVE-2019-6287 [HIGH] Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.
GHSA
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
ghsa·2022-05-13
CVE-2019-6287 [HIGH] CWE-269 Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://forums.rancher.com/c/announcementshttps://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11/https://forums.rancher.com/c/announcementshttps://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11/
2019-04-10
Published