PT-2019-18075 · Rancher · Rancher

Publicado

2019-04-10

Atualizado

2024-06-05

CVE-2019-6287

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Rancher versions 2.0.0 through 2.1.5

Description The issue allows project members to continue accessing and managing namespaces within a project even after they have been removed from it. This means they can still create, update, read, and delete namespaces.

Recommendations For Rancher versions 2.0.0 through 2.1.5, consider restricting access to namespace management features for removed project members as a temporary workaround until a patch is available.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2019-6287

GHSA-6R7X-4Q7G-H83J

GO-2024-2764

Produtos afetados

Rancher

PT-2019-18075 · Rancher · Rancher

CVE-2019-6287

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12