CVE-2021-36778

Exposure of repository credentials to external third-party sources in Rancher in go/github.com/rancher/rancher

Identifiers

GHSA-4fc7-hc63-7fjg, CVE-2021-36778

Package Slug

go/github.com/rancher/rancher

Vulnerability

Exposure of repository credentials to external third-party sources in Rancher

Description

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.

Affected Versions

All versions starting from 2.5.0 before 2.5.12, all versions starting from 2.6.0 before 2.6.3

Solution

Upgrade to versions 2.6.3 or above.

Last Modified

2022-05-03

source