PT-2017-17643 · Rancher · Rancher Server

Will-Chan · Published 2017-03-29 · Updated 2024-08-20 · CVE-2017-7297

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Rancher Labs rancher server versions 1.2.0 through 1.2.3
Rancher Labs rancher server versions 1.3.0 through 1.3.4
Rancher Labs rancher server versions 1.4.0 through 1.4.2
Rancher Labs rancher server versions 1.5.0 through 1.5.2

Description

The issue allows authenticated users to disable access control via an API call.

Recommendations

For versions 1.2.0 through 1.2.3, update to rancher/server:v1.2.4.
For versions 1.3.0 through 1.3.4, update to rancher/server:v1.3.5.
For versions 1.4.0 through 1.4.2, update to rancher/server:v1.4.3.
For versions 1.5.0 through 1.5.2, update to rancher/server:v1.5.3.

Fix

Related Identifiers

CVE-2017-7297
GHSA-W3X4-9854-95X8
GO-2023-1973

Affected Products

Rancher Server