Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-36782 PoC — Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object

Source
https://github.com/fe-ax/tf-cve-2021-36782
Associated Vulnerability
Title:Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object (CVE-2021-36782)
Description:A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
Description
A Terraform module to launch Rancher 2.6.6 for blog article about CVE-2021-36782
Readme
# Demo Terraform module for CVE-2021-36782

This is a Terraform module to demo CVE-2021-36782.

## Quick start

 * Clone repository
 * Run `terraform init`
 * Copy `example.tfvars` to `yourown.tfvars`
 * Edit `yourown.tfvars`. You just need to add a digital ocean API token
 * Run `terraform apply -var-file yourown.tfvars`
 * Give it ~20 minutes
File Snapshot

 [4.0K]  /data/pocs/3835f7054b1caf1b60e2d8323d5a2c30f1108477
├── [ 578]  00-main.tf
├── [ 195]  01-cloud.tf
├── [ 378]  02-rke.tf
├── [ 905]  03-rancher.tf
├── [ 343]  example.tfvars
├── [4.0K]  modules
│   ├── [4.0K]  cloud
│   │   ├── [2.1K]  main.tf
│   │   ├── [ 220]  provision-docker.tftpl
│   │   └── [  56]  variables.tf
│   ├── [4.0K]  rancher
│   │   ├── [ 361]  certmanager.tf
│   │   ├── [ 502]  main.tf
│   │   ├── [1.1K]  rancher.tf
│   │   └── [  29]  variables.tf
│   ├── [4.0K]  rancher-extra
│   │   ├── [1.3K]  main.tf
│   │   ├── [ 330]  provision-docker-extra.tftpl
│   │   ├── [1.8K]  rancher.tf
│   │   └── [  84]  variables.tf
│   └── [4.0K]  rke
│       ├── [ 930]  main.tf
│       └── [ 124]  variables.tf
├── [ 346]  README.md
└── [ 636]  variables.tf

5 directories, 20 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →