CVE-2021-31999

HIGH

Rancher <2.5.9, <2.4.16 - Privilege Escalation

Title source: llm

Description

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16.

References (1)

[Issue Tracking, Release Notes, Third Party Advisory] https://bugzilla.suse.com/show_bug.cgi?id=1187084

Scores

CVSS v3 8.8

EPSS 0.0038

EPSS Percentile 59.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-807

Status published

Products (2)

rancher/rancher < 2.4.16

rancher/rancher 2.0.0 - 2.4.16Go

Published Jul 15, 2021

Tracked Since Feb 18, 2026