CVE-2021-36784
Published 2022-05-02
Priority P3 · 41 · high · 7.2 · CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.84% (53.3th percentile)
An Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects SUSE Rancher: Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.5.0 < 2.5.13 | 2.5.13 |
| github.com | rancher_rancher | >= 2.6.0 < 2.6.4 | 2.6.4 |
| suse | rancher | < 2.5.13 | 2.5.13 |
| suse | rancher | >= 2.6.0 < 2.6.4 | 2.6.4 |
| suse | rancher | >= Rancher < 2.5.13 | 2.5.13 |
| suse | rancher | >= Rancher < 2.6.4 | 2.6.4 |
CVSS provenance
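| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |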
GHSA
Privilege escalation for users with create/update permissions in Global Roles in Rancher
ghsa·2022-05-02
CVE-2021-36784 [MEDIUM] CWE-269 Privilege escalation for users with create/update permissions in Global Roles in Rancher
### Impact
This vulnerability affects customers who utilize non-admin users that are able to create or edit [Global Roles](https://rancher.com/docs/rancher/v2.6/en/admin-settings/rbac/). The most common use case for this scenario is the [`restricted-admin`](https://rancher.com/docs/rancher/v2.6/en/admin-settings/rbac/global-permissions/#restricted-admin) role.
A flaw was discovered in Rancher versions from 2.5.0 up to and including 2.5.12 and from 2.6.0 up to and including 2.6.3 which allows users who have create or update permissions on Global Roles to escalate their permissions, or those of another user, to admin-level permissions. Global Roles grant users Rancher-wide permissions, such as the abil
OSV
Privilege escalation for users with create/update permissions in Global Roles in Rancher
osv·2022-05-02
CVE-2021-36784 [MEDIUM] Privilege escalation for users with create/update permissions in Global Roles in Rancher
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-05-02