CVE-2021-4200: Improper Privilege Management

May 2, 2022

A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.

References

github.com/advisories/GHSA-hx8w-ghh8-r4xf
github.com/rancher/rancher/security/advisories/GHSA-hx8w-ghh8-r4xf
rancher.com/docs/rancher/v2.6/en/admin-settings/rbac/global-permissions/

Detect and mitigate CVE-2021-4200 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →