CVE-2021-36782 : A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allow

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.

Published 2022-09-07 09:15:08

Updated 2023-01-18 14:29:28

Source SUSE

View at NVD, CVE.org

Products affected by CVE-2021-36782

Suse » Rancher
Versions from including (>=) 2.5.0 and before (<) 2.5.16
cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*
Matching versions
Suse » Rancher
Versions from including (>=) 2.6.0 and before (<) 2.6.7
cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-36782

EPSS FAQ

80.68%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2021-36782

Rancher Authenticated API Credential Exposure

Disclosure Date: 2022-08-18

First seen: 2024-04-20

auxiliary/gather/rancher_authenticated_api_cred_exposure

An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Ranchers service account token (used to provision clusters), were stored in plaintext directly on Kubernetes objects like Clu

More information

CVSS scores for CVE-2021-36782

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.9	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	3.1	6.0	SUSE
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High
9.9	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	3.1	6.0	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-36782

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Assigned by: meissner@suse.de (Primary)

References for CVE-2021-36782

https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f

Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object · Advisory · rancher/rancher · GitHub
Exploit;Mitigation;Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1193988

Bug 1193988 – CVE-2021-36782: Rancher - Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object
Exploit;Issue Tracking;Mitigation;Vendor Advisory

Jump to