PT-2022-11526 · Suse · Suse Rancher

Guilherme Macedo · Published 2022-05-02 · Updated 2023-01-18 · CVE-2021-4200

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SUSE Rancher versions prior to 2.5.13
SUSE Rancher versions prior to 2.6.4
Description

A vulnerability in SUSE Rancher allows write access to the Catalog for any user when the restricted-admin role is enabled. This issue affects customers using the restricted-admin role in Rancher, which must be bootstrapped with the environment variable CATTLE_RESTRICTED_DEFAULT_ADMIN=true or the configuration flag restrictedAdmin=true. The vulnerability grants write access to templates (CatalogTemplates) and template versions (CatalogTemplateVersions) to any user with any level of catalog access. A malicious user could abuse this vulnerability to modify application visibility, change logos, make charts appear as trusted or partner charts, or swap template versions. This vulnerability does not allow modification of the base64-encoded files fields of the templateVersions.
Recommendations

For SUSE Rancher versions prior to 2.5.13, update to version 2.5.13 or later. For SUSE Rancher versions prior to 2.6.4, update to version 2.6.4 or later. As a temporary workaround, limit access in Rancher to trusted users. If using restricted-admin as the default admin role, review CatalogTemplates and CatalogTemplateVersions for possible malicious modifications.
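A small triage helper, added here and not part of the advisory or of Rancher itself, that applies the affected-version ranges and the restricted-admin bootstrap condition stated above. The shape of the env and Helm-values dicts passed in is an assumption; the version strings are constructed samples.

```python
import re

# Fixed releases named in the advisory: Rancher 2.5.13 and 2.6.4.
FIXED_2_5 = (2, 5, 13)
FIXED_2_6 = (2, 6, 4)


def parse_version(version: str) -> tuple:
    """Turn 'v2.6.3' or '2.6.3-rc1' into (2, 6, 3).

    Pre-release suffixes are dropped, so a release candidate is treated as
    its base version (a simplification, not something the advisory states).
    """
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Rancher version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_version(version: str) -> bool:
    """True if the release predates the fix on its branch (2.5.13 / 2.6.4)."""
    v = parse_version(version)
    if v[:2] == (2, 6):
        return v < FIXED_2_6
    return v < FIXED_2_5  # 2.5.x and every older branch; 2.7+ is not affected


def restricted_admin_enabled(env: dict, helm_values: dict) -> bool:
    """The bootstrap setting that makes the issue reachable (either form)."""
    # Assumed input shape: env is a name->value dict, helm_values a flat dict.
    return (env.get("CATTLE_RESTRICTED_DEFAULT_ADMIN", "").lower() == "true"
            or str(helm_values.get("restrictedAdmin", "")).lower() == "true")


def triage(version: str, env: dict, helm_values: dict) -> str:
    """Combine version and configuration into one defender-facing verdict."""
    if not is_affected_version(version):
        return "not affected: fixed release"
    if not restricted_admin_enabled(env, helm_values):
        return "vulnerable version, but restricted-admin is not enabled: update anyway"
    return ("EXPOSED: update to 2.5.13/2.6.4 or later and review "
            "CatalogTemplates and CatalogTemplateVersions for tampering")


if __name__ == "__main__":
    # Constructed sample: an exposed 2.6.x install bootstrapped via the env var.
    print(triage("v2.6.3", {"CATTLE_RESTRICTED_DEFAULT_ADMIN": "true"}, {}))
```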

Weakness Enumeration

Improper Authorization
Improper Privilege Management

Related Identifiers

CVE-2021-4200
GHSA-HX8W-GHH8-R4XF

Affected Products

Suse Rancher