Description
In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml.
References (2)
https://forums.rancher.com/c/announcements (Release Notes, Vendor Advisory; x_refsource_confirm)
https://forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466 (Release Notes, Vendor Advisory; x_refsource_confirm)
Scores
CVSS v3: 8.8
EPSS: 0.0019
EPSS Percentile: 40.6%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-862, CWE-668
Status: published
Products (2)
rancher/rancher: 2.0.0 - 2.2.4 (Go)
suse/rancher: 1.0.0 - 1.6.28
Published: Jun 06, 2019
Tracked Since: Feb 18, 2026