
Mateusz Dyminski

#28143de 53,640
9 CVSS total
Vulnerabilities · 1
PT-2019-10045
9.0
2019-04-10
Rancher · Rancher · CVE-2018-20321
Name of the Vulnerable Software and Affected Versions: Rancher versions 2.0.0 through 2.1.5

Description: An issue allows project members with access to the default namespace to execute administrative privileged commands against the k8s cluster by mounting the netes-default service account in a pod. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. The issue affects all clusters created or imported by Rancher as of 2018-12-20. Additionally, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.

Recommendations: For Rancher versions 2.0.0 through 2.1.5, consider isolating the default namespace in a separate project, where only cluster admins can be given permissions to access, as a temporary workaround to mitigate the risk of exploitation. Restrict access to the netes-default service account to minimize the risk of administrative privileged commands being executed against the k8s cluster. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
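As an added example (not part of the advisory or of Rancher's own tooling), the check below scans pod manifests for the condition the description names: a pod in the default namespace that mounts the netes-default service account. It assumes the JSON shape `kubectl get pods -A -o json` returns under `items`, and that an explicitly mounted token secret follows the legacy `<account>-token-<suffix>` naming; the sample manifests are constructed.

```python
"""Flag pods that mount the netes-default service account in the default
namespace (the condition CVE-2018-20321 describes). Added example; the
sample manifests below are constructed, not taken from a real cluster."""

RISKY_NAMESPACE = "default"
RISKY_SERVICE_ACCOUNT = "netes-default"


def mounts_risky_service_account(pod: dict) -> bool:
    """True if the pod runs in the default namespace and gets a token for
    netes-default, either by account name or via an explicit secret volume."""
    meta = pod.get("metadata", {})
    spec = pod.get("spec", {})
    if meta.get("namespace", "default") != RISKY_NAMESPACE:
        return False
    sa = spec.get("serviceAccountName") or spec.get("serviceAccount")
    if sa == RISKY_SERVICE_ACCOUNT:
        # automountServiceAccountToken: false keeps the token out of the pod
        return spec.get("automountServiceAccountToken", True) is not False
    # A pod can also mount the account's token secret as a named volume
    # (assumes the legacy "<account>-token-<suffix>" secret naming).
    for vol in spec.get("volumes", []):
        secret = vol.get("secret", {}).get("secretName", "")
        if secret.startswith(RISKY_SERVICE_ACCOUNT + "-token-"):
            return True
    return False


def find_risky_pods(pods: list) -> list:
    """Names of pods that should be reviewed or isolated per the advisory."""
    return [p["metadata"]["name"] for p in pods if mounts_risky_service_account(p)]


# Constructed sample manifests covering the main cases.
SAMPLE_PODS = [
    {"metadata": {"name": "escalate", "namespace": "default"},
     "spec": {"serviceAccountName": "netes-default", "containers": []}},
    {"metadata": {"name": "no-token", "namespace": "default"},
     "spec": {"serviceAccountName": "netes-default",
              "automountServiceAccountToken": False, "containers": []}},
    {"metadata": {"name": "volume-mount", "namespace": "default"},
     "spec": {"volumes": [{"name": "t", "secret": {"secretName": "netes-default-token-abc12"}}],
              "containers": []}},
    {"metadata": {"name": "other-ns", "namespace": "staging"},
     "spec": {"serviceAccountName": "netes-default", "containers": []}},
]

if __name__ == "__main__":
    for name in find_risky_pods(SAMPLE_PODS):
        print(f"pod {name}: mounts {RISKY_SERVICE_ACCOUNT} in namespace {RISKY_NAMESPACE}")
```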