CVE-2021-36783
CRITICALSUSE Rancher 2.5.0-2.5.12 - Authenticated Cleartext Credential Exposure via API Endpoints
Title source: llmDescription
A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.
References (2)
Core 2
Core References
Issue Tracking, Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1193990
Third Party Advisory
https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8
Scores
CVSS v3
9.9
EPSS
0.0048
EPSS Percentile
65.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (2)
rancher/rancher
2.5.0 - 2.5.13Go
suse/rancher
2.5.0 - 2.5.13
Published
Sep 07, 2022
Tracked Since
Feb 18, 2026