Filtered by vendor Suse
Subscriptions
Total
1185 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-22649 | 2 Rancher, Suse | 2 Rancher, Rancher | 2024-10-31 | 8.4 High |
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue. | ||||
CVE-2023-32190 | 1 Suse | 1 Opensuse Tumbleweed | 2024-10-16 | 7.8 High |
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. | ||||
CVE-2023-22650 | 1 Suse | 1 Rancher | 2024-10-16 | 8.8 High |
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s tokens still usable. | ||||
CVE-2023-32191 | 1 Suse | 1 Rke | 2024-10-16 | 9.9 Critical |
When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin. | ||||
CVE-2024-22030 | 1 Suse | 1 Rancher | 2024-10-16 | 8 High |
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL. |