CVE-2021-36784Improper Privilege Management in Rancher

CWE-269Improper Privilege ManagementCWE-285Improper Authorization4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.5%
top 34.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse RancherGithub.com Rancher Rancher
Timeline
PublishedMay 2

Description

A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

CVEListV5suse/rancherRancher2.5.13+1
NVDsuse/rancher2.6.02.6.4+1
Gogithub.com/rancher_rancher2.6.02.6.4+1

🔴Vulnerability Details

3
GHSA
Privilege escalation for users with create/update permissions in Global Roles in Rancher2022-05-02
OSV
Privilege escalation for users with create/update permissions in Global Roles in Rancher2022-05-02
CVEList
Privilege escalation for users with create/update permissions in Global Roles2022-05-02
CVE-2021-36784 — Improper Privilege Management | cvebase