Browse all 3 CVE security advisories affecting Rancher. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rancher is an open-source platform for managing Kubernetes clusters, enabling organizations to deploy, secure, and operate containerized applications at scale. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from misconfigurations or insecure default settings. Notable security characteristics include its role as a management layer for multiple Kubernetes distributions, which can amplify the impact of compromises. While no major public incidents have been widely documented, the platform's CVE history highlights risks associated with its web interface and API endpoints, particularly in default installations where security hardening may be overlooked.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-31999 | Rancher: Privilege escalation vulnerability via malicious Connection header — RancherCWE-807 | 8.8 | High | 2021-07-15 |
| CVE-2021-25320 | Rancher: Cloud credentials can be used through proxy API by users without access — RancherCWE-284 | 9.9 | Critical | 2021-07-15 |
| CVE-2021-25318 | rancher: API group not properly specified when creating Kubernetes RBAC resources — RancherCWE-732 | 8.8 | High | 2021-07-15 |
This page lists every published CVE security advisory associated with Rancher. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.