CVE-2021-36782

CRITICAL

SUSE Rancher < 2.5.16 - Authenticated Cleartext Storage of Sensitive Information via Kubernetes API

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-36782. PoCs published by fe-ax, h00die, Florian Struck, Marco Stuurman, including Metasploit module auxiliary/gather/rancher_authenticated_api_cred_exposure.

AI-analyzed exploit summary This Terraform module automates the deployment of infrastructure to demonstrate CVE-2021-36782, a vulnerability in DigitalOcean's infrastructure. It requires a DigitalOcean API token and deploys resources to exploit the vulnerability.

Description

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.

Exploits (2)

nomisec WORKING POC

by fe-ax · poc

https://github.com/fe-ax/tf-cve-2021-36782

View Code ZIP pw:eip

This Terraform module automates the deployment of infrastructure to demonstrate CVE-2021-36782, a vulnerability in DigitalOcean's infrastructure. It requires a DigitalOcean API token and deploys resources to exploit the vulnerability.

Classification

Working Poc 80%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: DigitalOcean infrastructure

Auth required

Prerequisites: DigitalOcean API token · Terraform installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC

by h00die, Florian Struck, Marco Stuurman · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/rancher_authenticated_api_cred_exposure.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2021-36782 in Rancher versions up to 2.5.15 and 2.6.6, where sensitive credentials are stored in plaintext in Kubernetes objects. It authenticates and queries APIs to extract exposed credentials.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Rancher up to 2.5.15 and 2.6.6

Auth required

Prerequisites: Valid Rancher credentials · Network access to Rancher API

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm

https://bugzilla.suse.com/show_bug.cgi?id=1193988

Exploit, Mitigation, Third Party Advisory x_refsource_confirm

https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f

Scores

CVSS v3 9.9

EPSS 0.7961

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-312

Status published

Products (2)

rancher/rancher 2.5.0 - 2.5.16Go

suse/rancher 2.5.0 - 2.5.16

Published Sep 07, 2022

Tracked Since Feb 18, 2026