Vulnerability — CVE-2021-36782

CVE-2021-36782

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2021-36782
Description:: A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
Last updated date:: 01/18/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/10/2022
Reference url to background: https://bugzilla.suse.com/show_bug.cgi?id=1193988

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/10/2022
Reference url to background: https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f

Type:: exploit
Confidence:: HIGH
Date of publishing:: 04/19/2024
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/rancher_authenticated_api_cred_exposure.rb