Security: rancher/rancher
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
  GHSA-9ghh-mmcq-8phc, published Jun 17, 2024 by pdellamore. Severity: High
- External RoleTemplates can lead to privilege escalation
  GHSA-64jq-m7rq-768h, published Jun 17, 2024 by pdellamore. Severity: Moderate
- RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
  GHSA-q6c7-56cq-g2wm, published Jun 17, 2024 by pdellamore. Severity: Moderate
- Permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
  GHSA-c85r-fwc7-45vc, published Feb 8, 2024 by andypitcher. Severity: High
- Rancher 'Audit Log' leaks sensitive information
  GHSA-xfj7-qf8w-2gcr, published Feb 8, 2024 by andypitcher. Severity: High
- Users retain access after moving namespaces into projects they don't have access to
  GHSA-8vhc-hwhc-cpj4, published Jun 1, 2023 by macedogm. Severity: High
- Privilege Escalation via manipulation of Secrets
  GHSA-p976-h52c-26p6, published Jun 1, 2023 by macedogm. Severity: Critical
- Multiple Cross-Site Scripting (XSS) issues in Rancher UI
  GHSA-46v3-ggjg-qq3x, published Jun 1, 2023 by macedogm. Severity: High
- Azure AD permission changes are not reflected on active sessions
  GHSA-vf6j-6739-78m8, published Jun 1, 2023 by macedogm. Severity: High
- Rancher Webhook is misconfigured during upgrade process
  GHSA-6m9f-pj6w-w87g, published Apr 24, 2023 by macedogm. Severity: Critical