GMS-2023-141: Rancher generated tokens not revoked after modifications made to authentication provider

January 25, 2023

This issue affects Rancher versions from 2.5.0 up to and including 2.5.16, from 2.6.0 up to and including 2.6.9 and 2.7.0.

References

github.com/advisories/GHSA-c45c-39f6-6gw9
github.com/rancher/rancher/security/advisories/GHSA-c45c-39f6-6gw9

Code Behaviors & Features

Detect and mitigate GMS-2023-141 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →