Guilherme Macedo

#2828 of 53,638
89.3 CVSS total
Vulnerabilities · 11
High: 9
Critical: 2
PT-2024-10044
9.1
2024-10-25
Rancher · Rancher · CVE-2022-45157
**Name of the Vulnerable Software and Affected Versions**

- Rancher versions prior to 2.8.9
- Rancher versions prior to 2.9.3
- Rancher versions 2.7.0 through 2.7.x

**Description** A vulnerability was identified in the way Rancher stores the vSphere CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. The issue causes the vSphere CPI and CSI passwords to be stored in a plaintext object inside Rancher. The exposed passwords were accessible in the following objects: `provisioning.cattle.io` in `spec.rkeConfig.chartValues.rancher-vsphere-cpi` and `spec.rkeConfig.chartValues.rancher-vsphere-csi`, and `rke.cattle.io.rkecontrolplane` in `spec.chartValues.rancher-vsphere-cpi` and `spec.chartValues.rancher-vsphere-csi`. The vulnerability applies only to users who deploy clusters in vSphere environments.

**Recommendations** For Rancher versions prior to 2.8.9, update to version 2.8.9 or later and run the script provided in the support tools to mitigate any remaining vulnerable credentials from vSphere clusters. For Rancher versions prior to 2.9.3, update to version 2.9.3 or later and run the script provided in the support tools to mitigate any remaining vulnerable credentials from vSphere clusters. For Rancher versions 2.7.0 through 2.7.x, update to one of the fixed versions by following the standard upgrade procedure for the 2.7 version in use. Enable the `provisionin
PT-2023-14311
7.1
2023-01-25
Suse · Suse Rancher · CVE-2022-43755
**Name of the Vulnerable Software and Affected Versions**

- SUSE Rancher versions prior to 2.6.10
- SUSE Rancher versions prior to 2.7.1

**Description** An Insufficient Entropy vulnerability in SUSE Rancher allows attackers who have gained knowledge of the `cattle-token` to keep abusing it even after the token has been renewed. The `cattle-token` secret, used by the `cattle-cluster-agent`, is predictable and does not use any random value in its composition, so it is always regenerated with the same value. This is a serious problem if the token is compromised and needs to be recreated for security purposes. An unauthorized user who holds the `cattle-token` can escalate privileges to cluster owner of the affected downstream cluster.

**Recommendations** For SUSE Rancher versions prior to 2.6.10, update to version 2.6.10 or later. For SUSE Rancher versions prior to 2.7.1, update to version 2.7.1 or later. After upgrading to a patched version, rotate the `cattle-token` in downstream clusters to guarantee that a new random token will be safely regenerated. This can be done by executing the following procedure in each downstream cluster provisioned by Rancher:

1. Verify the current secret before rotating it using `kubectl describe secrets cattle-token -n cattle-system`.
2. Delete the secret using `kubectl delete secrets cattle-token -n cattle-system`.
3. Restart the `cattle-cluster-agent` deployment using `kubectl rollout restart deployment/cattle-cluster-agent -n cattle-system`.
4. Confirm that a new and different secret was generated using `kubectl describe secrets cattle-token -n cattle-system`.

As a temporary workaround, consider using the rotate script provided in the public security advisory to facilitate the rotation and creation of a new unique downstream cluster token.
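The rotation procedure above can be scripted so that the "new and different" check is made on a hash of the secret rather than by eye. This is an added example, not the rotate script from the advisory; the function names, the polling loop and the `POLL_INTERVAL` variable are assumptions, and `sha256sum` must be available.

```shell
#!/usr/bin/env bash
# Added example: rotate the downstream cattle-token and verify that its value changed.
# Run against each downstream cluster with a kubeconfig pointing at that cluster.
NS="cattle-system"
SECRET="cattle-token"

# SHA-256 of the secret's data map, so values are compared without printing them.
secret_fingerprint() {
  local data
  data=$(kubectl get secret "$SECRET" -n "$NS" -o jsonpath='{.data}' 2>/dev/null) || return 1
  [ -n "$data" ] || return 1
  printf '%s' "$data" | sha256sum | cut -d' ' -f1
}

# Usage: rotate_cattle_token [timeout_seconds]
# Returns 0 if a new, different secret exists afterwards,
#         1 if the secret came back with the same value (the behaviour the
#           advisory describes for unpatched versions),
#         2 on any other failure.
rotate_cattle_token() {
  local timeout="${1:-120}" interval="${POLL_INTERVAL:-2}" before after waited=0
  before=$(secret_fingerprint) || { echo "cannot read $SECRET in $NS" >&2; return 2; }
  kubectl delete secrets "$SECRET" -n "$NS" >&2 || return 2
  kubectl rollout restart deployment/cattle-cluster-agent -n "$NS" >&2 || return 2
  # Assumption: the secret may not be back immediately, so poll for it.
  until after=$(secret_fingerprint); do
    [ "$waited" -ge "$timeout" ] && { echo "timed out waiting for $SECRET" >&2; return 2; }
    sleep "$interval"
    waited=$((waited + interval))
  done
  if [ "$after" = "$before" ]; then
    echo "$SECRET was regenerated with the same value" >&2
    return 1
  fi
  echo "$SECRET rotated, fingerprint changed" >&2
}
```

A return code of 1 after the upgrade means the token is still deterministic and the downstream cluster should be treated as not yet remediated.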
PT-2023-1495
9.9
2023-01-25
Suse · Suse Rancher · CVE-2022-43757
**Name of the Vulnerable Software and Affected Versions**

- SUSE Rancher versions prior to 2.5.17
- SUSE Rancher versions prior to 2.6.10
- SUSE Rancher versions prior to 2.7.1

**Description** A Cleartext Storage of Sensitive Information issue in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed. This issue affects the storage of sensitive fields, secret tokens, encryption keys, and SSH keys that were still being stored in plaintext directly on Kubernetes objects like `Clusters`. The exposed credentials are visible in Rancher to authenticated `Cluster Owners`, `Cluster Members`, `Project Owners`, and `Project Members` of that cluster on the endpoints `/v1/management.cattle.io.cluster` and `/v1/management.cattle.io.clustertemplaterevisions`. The fields that have been addressed by this security fix include `Cluster.Spec.RancherKubernetesEngineConfig.Services.KubeAPI.SecretsEncryptionConfig.CustomConfig.Providers[].AESGCM.Keys[].Secret`, `Cluster.Spec.RancherKubernetesEngineConfig.Services.KubeAPI.SecretsEncryptionConfig.CustomConfig.Providers[].AESCBC.Keys[].Secret`, and others.

**Recommendations** For SUSE Rancher versions prior to 2.5.17, update to version 2.5.17 or later. For SUSE Rancher versions prior to 2.6.10, update to version 2.6.10 or later. For SUSE Rancher versions prior to 2.7.1, update to version 2.7.1 or later. After upgrading to a patched version, check for the `ACISecretsMigrated` and `RKESecretsMigrated` conditions on `Clusters` and `ClusterTemplateRevisions` to confirm when secrets have been fully migrated off of those objects. As a temporary workaround, consider restricting access to the vulnerable endpoints until a patch is available. Review for potentially leaked credentials and change them if deemed necessary.
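One way to run the post-upgrade condition check across every object at once (an added example, not taken from the advisory). It assumes the conditions appear under `.status.conditions` as `type`/`status` pairs, that a status of `True` means the migration finished, and that the resources are addressable as `clusters.management.cattle.io` and `clustertemplaterevisions.management.cattle.io`; the function name `unmigrated` is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: list Rancher objects that do not yet report both migration
# conditions named in the advisory. Run against the Rancher local cluster.
REQUIRED="ACISecretsMigrated,RKESecretsMigrated"

# Usage: unmigrated <resource>
# Prints "<object name>: <missing conditions>" for each object where a required
# condition is absent or not "True". Prints nothing when all objects are migrated.
unmigrated() {
  # jsonpath emits one line per object: name<TAB>Type=Status,Type=Status,...
  kubectl get "$1" -A -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{range .status.conditions[*]}{.type}={.status}{","}{end}{"\n"}{end}' |
  awk -F'\t' -v req="$REQUIRED" '
    BEGIN { n = split(req, need, ",") }
    $1 != "" {
      missing = ""
      for (i = 1; i <= n; i++)
        # Anchor on the surrounding commas so a condition name cannot match
        # as a substring of another one.
        if (index("," $2, "," need[i] "=True,") == 0)
          missing = missing " " need[i]
      if (missing != "") print $1 ":" missing
    }'
}

# Typical invocation (commented out so that sourcing the file has no side effects):
# unmigrated clusters.management.cattle.io
# unmigrated clustertemplaterevisions.management.cattle.io
```

Objects listed in the output may still carry plaintext secrets and are the ones to review for leaked credentials.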
PT-2023-12676
7.4
2023-01-25
Suse · Suse Rancher · CVE-2022-21953
**Name of the Vulnerable Software and Affected Versions**

- SUSE Rancher versions prior to 2.5.17
- SUSE Rancher versions prior to 2.6.10
- SUSE Rancher versions prior to 2.7.1

**Description** A Missing Authorization vulnerability in SUSE Rancher allows an authenticated user to create an unauthorized shell pod and have limited kubectl access in the local cluster. This issue occurs due to an authorization logic flaw, allowing users to open a shell pod in the Rancher local cluster and have limited kubectl access to it, even if they were not explicitly granted such access. The vulnerability can be exploited in two ways: by intercepting a web request to change the shell's destination to the Rancher local cluster, or by modifying the server cluster address in a kubeconfig file to point to the Rancher local cluster. The severity of this issue is reduced because the shell pod runs with a limited non-root user, but it is still possible to download and run binaries inside the shell pod.

**Recommendations** For SUSE Rancher versions prior to 2.5.17, update to version 2.5.17 or later. For SUSE Rancher versions prior to 2.6.10, update to version 2.6.10 or later. For SUSE Rancher versions prior to 2.7.1, update to version 2.7.1 or later. As a temporary workaround, consider restricting access to the local cluster and limiting network access to reduce the blast radius of this issue. Additionally, enabling API audit logs can help identify possible abuses of this issue by tracking API requests to the user ID of the user that performed the action.
PT-2022-11526
8.1
2022-05-02
Suse · Suse Rancher · CVE-2021-4200
**Name of the Vulnerable Software and Affected Versions**

- SUSE Rancher versions prior to 2.5.13
- SUSE Rancher versions prior to 2.6.4

**Description** A vulnerability in SUSE Rancher allows any user to gain write access to the Catalog when the restricted-admin role is enabled. This issue affects customers who use the restricted-admin role in Rancher, which must be bootstrapped with the environment variable `CATTLE_RESTRICTED_DEFAULT_ADMIN=true` or the configuration flag `restrictedAdmin=true`. The vulnerability grants write access to templates (`CatalogTemplates`) and template versions (`CatalogTemplateVersions`) to any user with any level of access to the catalog. A malicious user could abuse this vulnerability to modify the visibility of applications, change logos, make charts appear as trusted or partner charts, or swap template versions. This vulnerability does not allow modification of the base64-encoded `files` fields of the `templateVersions`.

**Recommendations** For SUSE Rancher versions prior to 2.5.13, update to version 2.5.13 or later. For SUSE Rancher versions prior to 2.6.4, update to version 2.6.4 or later. As a temporary workaround, limit access in Rancher to trusted users. If `restricted-admin` is used as the default admin role, check `CatalogTemplates` and `CatalogTemplateVersions` for possible malicious modifications.