CVE-2021-31999

Summary

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16.

Affected Software

VendorProductVersion RangeStatus
RancherRancherRancher < 2.5.9affected
RancherSUSE Linux Enterprise Server 15Rancher < 2.4.16affected

Weaknesses

  • CWE-807: CWE-807: Reliance on Untrusted Inputs in a Security Decision

ADP Enrichment

CVE Program Container

Additional References

References