Github.Com Rancher Rancher vulnerabilities
56 known vulnerabilities affecting github.com/rancher_rancher.
Total CVEs: 56
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 31, MEDIUM 13
Vulnerabilities
Page 1 of 3
CVE-2021-36782 | P2 | CRITICAL | PoC | ≥ 2.5.0, < 2.5.16; ≥ 2.6.0, < 2.6.7 | 2022-09-23
CVE-2021-36782 [CRITICAL] CWE-312 Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials
### Impact
An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Rancher's service account token (used to provision clusters), were stored in plaintext directly
CVE-2023-22649 | P3 | HIGH | PoC | ≥ 2.6.0, < 2.6.14; ≥ 2.7.0, < 2.7.10; +1 more | 2024-02-08
CVE-2023-22649 [HIGH] CWE-532 Rancher 'Audit Log' leaks sensitive information
### Impact
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-g
CVE-2022-43755 | P3 | CRITICAL | CVSS 9.9 | ≥ 2.6.0, < 2.6.10; ≥ 2.7.0, < 2.7.1 | 2023-01-25
CVE-2022-43755 [CRITICAL] CWE-330 Rancher cattle-token is predictable
### Impact
An issue was discovered in Rancher versions up to and including 2.6.9 and 2.7.0, where the `cattle-token` secret, used by the `cattle-cluster-agent`, is predictable. Even after the token is regenerated, it will have the same value. This issue is not present in Rancher 2.5 releases.
The `cattle-token` is used by Rancher's `cattle-cluster-agent` to connect to the Kubernetes API o
CVE-2021-36783 | P2 | CRITICAL | ≥ 2.5.0, < 2.5.13; ≥ 2.6.0, < 2.6.4 | 2026-03-03
CVE-2021-36783 [CRITICAL] CWE-200 Rancher doesn't properly sanitize credentials in cluster template answers
### Impact
It was discovered that in Rancher versions up to and including 2.5.12 and 2.6.3 there is a failure to properly sanitize credentials in cluster template answers. This failure can lead to plaintext storage and exposure of credentials, passwords and API tokens.
The exposed credentials are visible in Ranche
CVE-2019-11202 | P3 | CRITICAL | ≥ 2.0.0, ≤ 2.0.13; ≥ 2.1.0, ≤ 2.1.8; +1 more | 2022-05-24
CVE-2019-11202 [CRITICAL] CWE-287 Rancher Recreates Default User With Known Password Despite Deletion
An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default adm
CVE-2021-25320 | P3 | CRITICAL | ≥ 2.2.0, < 2.4.16; ≥ 2.5.0, < 2.5.9 | 2026-03-03
CVE-2021-25320 [CRITICAL] CWE-284 Rancher cloud credentials can be used through proxy API by users without access
A vulnerability was discovered in Rancher 2.2.0 through the aforementioned patched versions, where cloud credentials weren't being properly validated through the Rancher API, specifically through a proxy designed to communicate with cloud providers. Any Rancher user that was logged in and aware of a clou
CVE-2023-22651 | P3 | CRITICAL | ≥ 2.7.2, < 2.7.3; ≥ 0.0.0-20220922131902-ec6d6d3a7616, < 0.0.0-20230424183121-6d9a175954c6 | 2023-04-24
CVE-2023-22651 [CRITICAL] CWE-269 Rancher Webhook is misconfigured during upgrade process
### Impact
A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster.
When the Webhook is operating in a degraded state, it no longer validates any resources, which may result in s
CVE-2018-20321 | P3 | MEDIUM | ≥ 2.0.0, < 2.1.6 | 2021-06-23
CVE-2018-20321 [MEDIUM] CWE-288 Access Control Bypass
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this b
CVE-2022-43757 | P3 | CRITICAL | CVSS 9.9 | ≥ 2.5.0, < 2.5.17; ≥ 2.6.0, < 2.6.10; +1 more | 2023-01-25
CVE-2022-43757 [CRITICAL] CWE-200 Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
### Impact
This issue affects Rancher versions from 2.5.0 up to and including 2.5.16, from 2.6.0 up to and including 2.6.9 and 2.7.0. It was discovered that the security advisory CVE-2021-36782 (GHSA-g7j7-h4q8-8w2f), previously released by Rancher, missed addressing some sensitiv
CVE-2019-12303 | P3 | HIGH | ≥ 2.0.0, < 2.2.4 | 2022-05-24
CVE-2019-12303 [HIGH] CWE-74 Rancher code injection via fluentd config commands
In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.
CVE-2021-36776 | P3 | HIGH | ≥ 2.5.0, < 2.5.10 | 2024-04-24
CVE-2021-36776 [HIGH] CWE-284 Rancher's Steve API Component Improper authorization check allows privilege escalation
### Impact
A flaw discovered in Rancher versions from 2.5.0 up to and including 2.5.9 allows an authenticated user to impersonate any user on a cluster through the Steve API proxy, without requiring knowledge of the impersonated user's credentials. This is due to the Steve API proxy not droppi
CVE-2024-22036 | P3 | CRITICAL | ≥ 2.7.0, < 2.7.16; ≥ 2.8.0, < 2.8.9; +1 more | 2024-10-25
CVE-2024-22036 [CRITICAL] CWE-269 Rancher Remote Code Execution via Cluster/Node Drivers
### Impact
A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the `chroot` jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher container itself. For the test and development envi
CVE-2023-22650 | P3 | HIGH | ≥ 2.7.0, < 2.7.14; ≥ 2.8.0, < 2.8.5 | 2024-06-17
CVE-2023-22650 [HIGH] CWE-287 Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
### Impact
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher
CVE-2025-23391 | P3 | CRITICAL | ≥ 2.8.0, < 2.8.14; ≥ 2.9.0, < 2.9.8; +1 more | 2025-04-01
CVE-2025-23391 [CRITICAL] CWE-266 Rancher: Restricted Administrator can change Administrator's passwords
### Impact
A vulnerability has been identified within Rancher where a Restricted Administrator can change the password of Administrators and take over their accounts.
A Restricted Administrator should not be allowed to change the password of more privileged users unless they hold the Manage Users permission.
Rancher
CVE-2022-43759 | P3 | HIGH | ≥ 2.5.0, < 2.5.17; ≥ 2.6.0, < 2.6.10 | 2023-01-25
CVE-2022-43759 [HIGH] CWE-269 Privilege escalation in project role template binding (PRTB) and -promoted roles
### Impact
An issue was discovered in Rancher versions from 2.5.0 up to and including 2.5.16 and from 2.6.0 up to and including 2.6.9, where an authorization logic flaw allows privilege escalation via project role template binding (PRTB) and `-promoted` roles. This issue is not present in Rancher 2.7 rele
CVE-2022-21953 | P3 | HIGH | ≥ 2.5.0, < 2.5.17; ≥ 2.6.0, < 2.6.10; +1 more | 2023-01-25
CVE-2022-21953 [HIGH] CWE-284 Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
### Impact
An issue was discovered in Rancher where an authorization logic flaw allows an authenticated user on any downstream cluster to (1) open a shell pod in the Rancher `local` cluster and (2) have limited `kubectl` access to it. The expected behavior is that a user does not have
CVE-2021-25318 | P3 | HIGH | ≥ 2.0.0, < 2.4.16; ≥ 2.5.0, < 2.5.9 | 2024-04-24
CVE-2021-25318 [HIGH] CWE-732 Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
A vulnerability was discovered in Rancher versions 2.0 through the aforementioned fixed versions, where users were granted access to resources regardless of the resource's API group. For example Rancher should have allowed users access to `apps.catalog.cattle.io`, but instead incorrectly gave access to
CVE-2020-10676 | P3 | HIGH | ≥ 2.6.0, < 2.6.13; ≥ 2.7.0, < 2.7.4 | 2023-06-06
CVE-2020-10676 [HIGH] CWE-863 Rancher users retain access after moving namespaces into projects they don't have access to
### Impact
A vulnerability was identified in which users with update privileges on a namespace can move that namespace into a project they don't have access to. After the namespace transfer is completed, their previous permissions are still preserved, which enables them to gain acces
CVE-2021-36775 | P3 | HIGH | ≥ 0, < 2.4.18; ≥ 2.5.0, < 2.5.12; +1 more | 2024-04-24
CVE-2021-36775 [HIGH] CWE-284 Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
### Impact
This vulnerability only affects customers using group based authentication in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2.
When removing a Project Role associated to a group from a project, the bindi
CVE-2025-23389 | P3 | HIGH | ≥ 2.8.0, < 2.8.13; ≥ 2.9.0, < 2.9.7; +1 more | 2025-02-27
CVE-2025-23389 [HIGH] CWE-284 Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
### Impact
A vulnerability in Rancher has been discovered, leading to a local user impersonation through SAML Authentication on first login.
The issue occurs when a SAML authentication provider (AP) is configured (e.g. Keycloak). A ne