CVE-2021-36778: Exposure of repository credentials to external third-party sources in Rancher

May 2, 2022

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.

References

github.com/advisories/GHSA-4fc7-hc63-7fjg
github.com/rancher/rancher/security/advisories/GHSA-4fc7-hc63-7fjg

Detect and mitigate CVE-2021-36778 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →