Описание
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-6287
- https://github.com/rancher/rancher/issues/17244
- https://github.com/rancher/rancher/issues/17724
- https://forums.rancher.com/t/rancher-release-v2-1-6/13148
- https://forums.rancher.com/t/rancher-security-announcement-cve-2018-20321-and-cve-2019-6287/13149
- https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11
Пакеты
Наименование
github.com/rancher/rancher
go
Затронутые версииВерсия исправления
>= 2.0.0, <= 2.1.5
2.1.6
Связанные уязвимости
CVSS3: 8.1
nvd
почти 7 лет назад
In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.