CVE-2021-31999
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rancher | Rancher | Rancher < 2.5.9 | affected |
| Rancher | SUSE Linux Enterprise Server 15 | Rancher < 2.4.16 | affected |
Weaknesses
- CWE-807: CWE-807: Reliance on Untrusted Inputs in a Security Decision
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.