Auto-merge PR#7137

Auto-merge PR#7137
CVE Team 2022-09-07 04:20:23 -04:00 committed by GitHub
commit b4823ac469
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 297 additions and 18 deletions


@ -1,18 +1,115 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"DATE_PUBLIC": "2022-08-19T00:00:00.000Z",
"ID": "CVE-2021-36782",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Rancher",
"version_value": "2.5.16"
}
]
}
},
{
"product_name": "Rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Rancher",
"version_value": "2.6.7"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Florian Struck (from Continum AG) and Marco Stuurman (from Shock Media B.V.)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data.\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.5.16;\nRancher versions prior to 2.6.7."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1193988",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193988"
},
{
"name": "https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f",
"refsource": "CONFIRM",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1193988",
"defect": [
"1193988"
],
"discovery": "EXTERNAL"
}
}
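Review bot: The two `version_data` entries under `affects` both use `"version_affected": "<"` with `"version_name": "Rancher"` and no lower bound, so a consumer that evaluates each entry on its own will treat the fixed 2.5.16 release as affected because it sorts below 2.6.7. If the two bounds belong to separate release lines, as the description's "prior to 2.5.16; prior to 2.6.7" wording suggests, carrying the line in `version_name` (for example `"version_name": "2.6"` beside `"version_value": "2.6.7"`) would let scanners scope each comparison. The same pattern appears in the CVE-2021-36783 and CVE-2022-31247 records on this page.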


@ -1,18 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"DATE_PUBLIC": "2022-08-19T00:00:00.000Z",
"ID": "CVE-2021-36783",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Rancher: Failure to properly sanitize credentials in cluster template answers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Rancher",
"version_value": "2.6.4"
}
]
}
},
{
"product_name": "Rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Rancher",
"version_value": "2.5.13"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints.\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.6.4;\nRancher versions prior to 2.5.13."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1193990",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193990"
},
{
"name": "https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8",
"refsource": "CONFIRM",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1193990",
"defect": [
"1193990"
],
"discovery": "INTERNAL"
}
}
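Review bot: The `problemtype` value `CWE-200: Exposure of Sensitive Information to an Unauthorized Actor` is broader than what the description states, which is credentials, passwords and API tokens "stored in cleartext and exposed via API endpoints". CWE-200 is a class-level entry and gives triage and detection tooling little to key on. If cleartext storage is the root cause, `CWE-312: Cleartext Storage of Sensitive Information` (the mapping used for CVE-2021-36782 on this page) would be more specific, possibly listed alongside CWE-200. This should be confirmed against the linked advisory before the record is changed.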


@ -1,18 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"DATE_PUBLIC": "2022-08-19T00:00:00.000Z",
"ID": "CVE-2022-31247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Rancher: Downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Rancher",
"version_value": "2.6.7"
}
]
}
},
{
"product_name": "Rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Rancher",
"version_value": "2.5.16"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster.\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.6.7;\nRancher versions prior to 2.5.16."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1199730",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1199730"
},
{
"name": "https://github.com/rancher/rancher/security/advisories/GHSA-6x34-89p7-95wg",
"refsource": "CONFIRM",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-6x34-89p7-95wg"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1199730",
"defect": [
"1199730"
],
"discovery": "INTERNAL"
}
}