CVE-2021-36783

CRITICAL

Suse Rancher < 2.5.13 - Insufficiently Protected Credentials

Title source: rule

Description

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.

References (2)

Scores

CVSS v3 9.9
EPSS 0.0048
EPSS Percentile 64.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

CWE
CWE-522
Status published

Affected Products (2)

suse/rancher < 2.5.13
rancher/rancher < 2.5.13Go

Timeline

Published Sep 07, 2022
Tracked Since Feb 18, 2026