CVE-2019-6287

Опубликовано: 10 апр. 2019

Источник: nvd

CVSS3: 8.1

CVSS2: 6.5

EPSS Низкий

Описание

In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.

Ссылки

https://forums.rancher.com/c/announcements
Vendor Advisory
https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11/
Vendor Advisory
https://forums.rancher.com/c/announcements
Vendor Advisory
https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.1.5 (включая)

EPSS

Процентиль: 39%

0.00172

Низкий

8.1 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-6r7x-4q7g-h83j