Product: SUSE Rancher

33 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-67601
>= 2.10.0 and < 2.10.11
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify
8.3 HIGH
CVE-2023-22649
>= 2.7.0 and < 2.7.10
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. Rancher Audit Logging
8.4 HIGH
CVE-2020-10676
>= 2.0.0 and < 2.6.13
In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain acce
8.8 HIGH
CVE-2023-22648
>= 2.6.7 and < 2.6.13
An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users
8.0 HIGH
CVE-2023-22647
>= 2.6.0 and < 2.6.13
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to ma
9.9 CRITICAL
CVE-2022-43760
>= 2.6.0 and < 2.6.13
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users
8.4 HIGH
CVE-2023-22651
>= 2.6.0 and <= 2.7.2
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher'
9.9 CRITICAL
CVE-2022-43759
>= 2.5.0 and < 2.5.17
An Improper Privilege Management vulnerability in SUSE Rancher allows users with access to the escalate verb on PRTBs to escalate
7.2 HIGH
CVE-2022-43758
>= 2.5.0 and < 2.5.17
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows
7.6 HIGH
CVE-2022-43757
>= 2.5.0 and < 2.5.17
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to cred
9.9 CRITICAL
CVE-2022-43755
>= 2.6.0 and < 2.6.10
An Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusin
7.1 HIGH
CVE-2022-21953
>= 2.5.0 and < 2.5.17
A Missing Authorization vulnerability in SUSE Rancher allows an authenticated user to create an unauthorized shell pod and kubectl
7.4 HIGH
CVE-2022-31247
>= 2.5.0 and < 2.5.16
An Improper Authorization vulnerability in SUSE Rancher allows any user who has permissions to create/edit cluster role template
9.1 CRITICAL
CVE-2021-36783
>= 2.5.0 and < 2.5.13
An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project
9.9 CRITICAL
CVE-2021-36782
>= 2.5.0 and < 2.5.16
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, P
9.9 CRITICAL
CVE-2022-21951
>= 2.5.0 and < 2.5.14
A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher allows attackers on the network to read a
6.8 MEDIUM
CVE-2021-4200
< 2.5.13
An Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admi
5.4 MEDIUM
CVE-2021-36784
< 2.5.13
An Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admi
7.2 HIGH
CVE-2021-36778
< 2.5.12
An Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials th
7.3 HIGH
CVE-2021-36776
< 2.5.10
An Improper Access Control vulnerability in SUSE Rancher allows remote attackers to impersonate arbitrary users. This issue affects: S
8.8 HIGH
CVE-2021-36775
< 2.4.18
An Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue
8.8 HIGH
CVE-2021-31999
< 2.4.16
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as other users
8.8 HIGH
CVE-2021-25320
< 2.4.16
An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating req
9.9 CRITICAL
CVE-2021-25318
< 2.4.16
An Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources t
8.8 HIGH
CVE-2021-25313
< 2.5.6
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote atta
7.1 HIGH
CVE-2019-13209
>= 2.0.0 and <= 2.2.4
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to cluste
6.1 MEDIUM
CVE-2019-11202
>= 2.0.0 and <= 2.0.13
An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0
9.8 CRITICAL
CVE-2019-11881
all versions
A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arb
4.7 MEDIUM
CVE-2019-12303
>= 2.0.0 and <= 2.2.3
In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands
8.8 HIGH
CVE-2019-12274
>= 1.0.0 and <= 1.6.28
In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management
8.8 HIGH
CVE-2019-6287
>= 2.0.0 and <= 2.1.5
In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project
8.1 HIGH
CVE-2018-20321
>= 2.0.0 and <= 2.1.5
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-de
8.8 HIGH
CVE-2017-7297
>= 1.2.0 and < 1.2.4
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in
8.8 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin