rancher — Vulnerabilities & Security Advisories (54)

All 54 CVE vulnerabilities found in rancher, with AI-generated Chinese analysis, references, and POCs.

This page presents a curated aggregation of Common Weakness Enumeration entries specifically affecting Rancher, the popular container management platform developed by SUSE. It compiles known security vulnerabilities, configuration flaws, and integration weaknesses identified within the Rancher software ecosystem and its associated control plane components. The collection spans publicly disclosed issues from early development stages through recent stable releases, ensuring a comprehensive historical view of the product's security landscape. Here, security professionals and system administrators can systematically track vendor advisories and patch notes related to Rancher over time. Users can explore the specific characteristics of various weakness classes as they manifest in container orchestration environments, gaining insight into common attack vectors and misconfigurations. Furthermore, the page allows for a detailed lookup of a specific product version’s vulnerability history, enabling teams to assess risk exposure based on their current deployment state. This resource serves as a centralized reference for understanding the breadth of security challenges associated with Rancher, facilitating better vulnerability management and informed decision-making during upgrades or incident response activities. By organizing these disparate data points into a coherent structure, the page supports proactive security hygiene and helps maintain the integrity of Kubernetes-based infrastructures managed through the platform.

Vendor: SUSE

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-22648 | Rancher Labs Rancher security vulnerability | CWE-271 | 8.0 | High | 2023-06-01 |
| CVE-2023-22651 | Rancher security vulnerability | CWE-269 | 9.9 | Critical | 2023-05-04 |
| CVE-2022-31249 | [RANCHER] OS command injection in Rancher and Fleet | CWE-78 | 7.5 | High | 2023-02-07 |
| CVE-2022-21953 | Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster | CWE-862 | 7.4 | High | 2023-02-07 |
| CVE-2022-43755 | Rancher: Non-random authentication token | CWE-331 | 7.1 | High | 2023-02-07 |
| CVE-2022-43756 | Rancher/Wrangler: Denial of service when processing Git credentials | CWE-74 | 5.9 | Medium | 2023-02-07 |
| CVE-2022-43758 | Rancher: Command injection in Git package | CWE-78 | 7.6 | High | 2023-02-07 |
| CVE-2022-43759 | Rancher: Privilege escalation via promoted roles | CWE-269 | 7.2 | High | 2023-02-07 |
| CVE-2022-43757 | Rancher: Exposure of sensitive fields | CWE-312 | 9.9 | Critical | 2023-02-07 |
| CVE-2022-31247 | Rancher: Downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB) | CWE-285 | 9.1 | Critical | 2022-09-07 |
| CVE-2021-36783 | Rancher: Failure to properly sanitize credentials in cluster template answers | CWE-522 | 9.9 | Critical | 2022-09-07 |
| CVE-2021-36782 | Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object | CWE-312 | 9.9 | Critical | 2022-09-07 |
| CVE-2022-21951 | Rancher: Weave CNI password is not set if RKE template is used with CNI value overridden | CWE-319 | 6.8 | Medium | 2022-05-25 |
| CVE-2021-4200 | Write access to the Catalog for any user when restricted-admin role is enabled | CWE-269 | 5.4 | Medium | 2022-05-02 |
| CVE-2021-36784 | Privilege escalation for users with create/update permissions in Global Roles | CWE-269 | 7.2 | High | 2022-05-02 |
| CVE-2021-36778 | Exposure of repository credentials to external third-party sources | CWE-863 | 7.3 | High | 2022-05-02 |
| CVE-2021-36776 | Steve API proxy impersonation | CWE-284 | 8.8 | High | 2022-04-01 |
| CVE-2021-36775 | Deleting PRTBs associated to a group doesn't cause deletion of corresponding RoleBindings | CWE-284 | 8.8 | High | 2022-04-01 |
| CVE-2022-21947 | rancher desktop: Dashboard API is network accessible | CWE-668 | 8.3 | High | 2022-04-01 |
| CVE-2021-32001 | K3s/RKE2 bootstrap data is encrypted with empty string if user does not supply a token | CWE-311 | 6.5 | Medium | 2021-07-28 |
| CVE-2021-31999 | Rancher: Privilege escalation vulnerability via malicious Connection header | CWE-807 | 8.8 | High | 2021-07-15 |
| CVE-2021-25320 | Rancher: Cloud credentials can be used through proxy API by users without access | CWE-284 | 9.9 | Critical | 2021-07-15 |
| CVE-2021-25318 | rancher: API group not properly specified when creating Kubernetes RBAC resources | CWE-732 | 8.8 | High | 2021-07-15 |
| CVE-2021-25313 | Rancher: XSS on /v3/cluster/ | CWE-79 | 7.1 | High | 2021-03-05 |