This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Sensitive data is stored in **plaintext** within Rancher.
**Consequences**: Any user with read access to Kubernetes API objects can retrieve **cleartext secrets**. …
**CWE-312**: Cleartext Storage of Sensitive Information.
**Flaw**: The platform fails to encrypt sensitive configuration data or secrets before storing them, exposing them to anyone with basic read privileges.
Q3 Who is affected? (Versions/Components)
**Vendor**: SUSE / Rancher Labs.
**Affected Versions**:
• 2.5.0 to 2.5.15
• 2.6.0 to 2.6.6
Check your specific Rancher deployment version immediately!
Q4 What can hackers do? (Privileges/Data)
**Attacker Action**: Retrieve **plaintext sensitive data**.
**Privileges Needed**: Only **read permission** on Kubernetes API objects.
**Impact**: High (C:H/I:H/A:H). …
**Threshold**: **Low** for internal attackers.
**Auth Required**: Yes, but minimal: just **read access** to Kubernetes API objects.
**Vector**: Network (AV:N). No UI interaction needed (UI:N).
Q6 Is there a public exploit? (PoC/Wild Exploitation)
**Public PoC**: Yes.
**Link**: [Terraform Module](https://github.com/fe-ax/tf-cve-2021-36782).
**Status**: A demo module exists that launches a vulnerable Rancher 2.6.6 instance for testing. …
**Self-Check**:
1. Verify the Rancher version (2.5.0 through 2.5.15 and 2.6.0 through 2.6.6 are affected).
2. Scan Kubernetes API responses for **plaintext secrets**.
3. Check whether sensitive configuration data is readable by standard users.
Q8 Is it fixed officially? (Patch/Mitigation)
**Fix**: Upgrade to a patched version (later than 2.5.15 on the 2.5 branch, later than 2.6.6 on the 2.6 branch).
**Advisory**: [GitHub Advisory](https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f). …