CVE-2021-36776
Published 2022-04-04. CVE-2021-36776: An Improper Access Control vulnerability in SUSE Rancher allows remote attackers to impersonate arbitrary users. This issue affects SUSE Rancher versions…
Priority P3 · 53 · high · 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
1.07%
60.7th percentile
An Improper Access Control vulnerability in SUSE Rancher allows remote attackers to impersonate arbitrary users. This issue affects SUSE Rancher versions prior to 2.5.10.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.5.0 < 2.5.10 | 2.5.10 |
| rancher | rancher | < 2.5.10 | 2.5.10 |
| suse | rancher | >= Rancher < 2.5.10 | 2.5.10 |
CVSS provenance
NVD · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD · v2.0 · 6.5 MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
OSV
Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher
osv·2024-06-05
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher from v2.5.0 before v2.5.10.
GHSA
Rancher's Steve API Component Improper authorization check allows privilege escalation
ghsa·2024-04-24
CVE-2021-36776 · Severity: HIGH · CWE-284 (Improper Access Control)
### Impact
A flaw discovered in Rancher versions from 2.5.0 up to and including 2.5.9 allows an authenticated user to impersonate any user on a cluster through the Steve API proxy, without requiring knowledge of the impersonated user's credentials. The cause is that the Steve API proxy did not drop the impersonation header before forwarding the request to the Kubernetes API. A malicious user with authenticated access to Rancher could use this to impersonate another user with administrator access in Rancher, thereby obtaining administrator-level access in the cluster.
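The defect class above is a proxy that forwards client-controlled Kubernetes impersonation headers unchanged. The following Go program is an added illustration written for this page; it is not Rancher's or Steve's code. It builds a minimal reverse proxy in two modes: the flawed mode forwards whatever headers the client sent, while the hardened mode authenticates the caller itself, deletes every `Impersonate-*` header the client supplied, and sets `Impersonate-User` from the proxy's own session store before attaching the proxy's upstream credential. The header names (`Impersonate-User`, `Impersonate-Group`, `Impersonate-Uid`, `Impersonate-Extra-*`) are the real ones the Kubernetes API server honours; the session table, the bearer tokens and the upstream service credential are constructed placeholders.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// Constructed sample data (not from Rancher): bearer tokens the proxy issued to
// its own users, and the credential the proxy itself presents to the API server.
var sessionUsers = map[string]string{"token-alice": "alice"}

const proxyServiceToken = "proxy-service-account-token" // constructed placeholder

// stripImpersonationHeaders deletes every header the Kubernetes API server
// treats as an impersonation request: Impersonate-User, Impersonate-Group,
// Impersonate-Uid and the Impersonate-Extra-* family. It matches the raw map
// key case-insensitively so a non-canonical spelling is removed as well.
func stripImpersonationHeaders(h http.Header) {
	for name := range h {
		if strings.HasPrefix(strings.ToLower(name), "impersonate-") {
			delete(h, name)
		}
	}
}

// newProxy returns a reverse proxy for the API server at upstream.
// hardened=false reproduces the flaw class the advisory describes: the
// client's headers, impersonation headers included, are forwarded as-is.
// hardened=true resolves the caller from the proxy's own session store,
// discards any client-supplied Impersonate-* headers, and asserts the
// resolved identity itself, so the user named upstream is never chosen by
// the client. Unauthenticated requests are rejected before proxying.
func newProxy(upstream *url.URL, hardened bool) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	if !hardened {
		return proxy
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		user, ok := sessionUsers[token]
		if !ok {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		stripImpersonationHeaders(r.Header)
		r.Header.Set("Impersonate-User", user)
		r.Header.Set("Authorization", "Bearer "+proxyServiceToken)
		proxy.ServeHTTP(w, r)
	})
}

// forwardedHeaders runs one client request through the proxy against an
// in-memory stand-in for the API server and returns the headers that
// stand-in actually received (nil if the proxy rejected the request).
func forwardedHeaders(hardened bool, clientHeaders http.Header) http.Header {
	var seen http.Header
	upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen = r.Header.Clone()
		w.WriteHeader(http.StatusOK)
	}))
	defer upstream.Close()
	target, err := url.Parse(upstream.URL)
	if err != nil {
		panic(err)
	}
	req := httptest.NewRequest(http.MethodGet, "/api/v1/namespaces", nil)
	req.Header = clientHeaders.Clone()
	newProxy(target, hardened).ServeHTTP(httptest.NewRecorder(), req)
	return seen
}

func main() {
	// A low-privilege session that also carries client-chosen impersonation headers.
	client := http.Header{}
	client.Set("Authorization", "Bearer token-alice")
	client.Set("Impersonate-User", "cluster-admin")
	client.Set("Impersonate-Group", "system:masters")
	for _, hardened := range []bool{false, true} {
		seen := forwardedHeaders(hardened, client)
		fmt.Printf("hardened=%v -> Impersonate-User=%q Impersonate-Group=%q\n",
			hardened, seen.Get("Impersonate-User"), seen.Get("Impersonate-Group"))
	}
}
```

Running `main` shows the flawed proxy passing `cluster-admin` and `system:masters` straight through, while the hardened proxy forwards only `Impersonate-User: alice`. The design point is that the identity asserted to the API server must come from state the proxy controls (its session store) rather than from the inbound request, and that the deletion must cover the whole `Impersonate-` prefix, not just `Impersonate-User`.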
### Patches
Patched versions include releases 2.5.10, 2.6.0 and later versions.
### Workarounds
Limit access in Rancher to trusted users. Ther
OSV
Rancher's Steve API Component Improper authorization check allows privilege escalation
osv·2024-04-24
CVE-2021-36776 · Severity: HIGH. Advisory text identical to the GHSA entry above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-04-04