Описание
A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra-* headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses.
EPSS
Процентиль: 1%
0.00012
Низкий
4.7 Medium
CVSS3
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 4.7
github
4 месяца назад
Rancher sends sensitive information to external services through the `/meta/proxy` endpoint
EPSS
Процентиль: 1%
0.00012
Низкий
4.7 Medium
CVSS3
Дефекты
CWE-200