CVE-2021-36782: Cleartext Storage of Sensitive Information

September 23, 2022

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.

References

bugzilla.suse.com/show_bug.cgi?id=1193988
github.com/advisories/GHSA-g7j7-h4q8-8w2f
github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f
nvd.nist.gov/vuln/detail/CVE-2021-36782

Code Behaviors & Features

Detect and mitigate CVE-2021-36782 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →