PT-2019-18075 · Rancher · Rancher

Published

2019-04-10

Updated

2024-06-05

CVE-2019-6287

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Rancher versions 2.0.0 through 2.1.5

Description The issue allows project members to continue accessing and managing namespaces within a project even after they have been removed from it. This means they can still create, update, read, and delete namespaces.

Recommendations For Rancher versions 2.0.0 through 2.1.5, consider restricting access to namespace management features for removed project members as a temporary workaround until a patch is available.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2019-6287

GHSA-6R7X-4Q7G-H83J

GO-2024-2764

Affected Products

Rancher

PT-2019-18075 · Rancher · Rancher

CVE-2019-6287

Weakness Enumeration

Related Identifiers

Affected Products

References · 12