PT-2022-4712 · Suse · Suse Rancher

Rmweir

·

Published

2022-09-07

·

Updated

2026-03-03

·

CVE-2021-36783

CVSS v3.1

10

Critical

Vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SUSE Rancher 2.5.x versions prior to 2.5.16; Rancher 2.6.x versions prior to 2.6.7
Description: A cleartext storage of sensitive information vulnerability in SUSE Rancher allows authenticated users holding the Cluster Owner, Cluster Member, Project Owner or Project Member role to read credentials, passwords and API tokens (including the Helm chart repository credentials kept on catalog objects) in cleartext through the Rancher API. The sensitive fields were stored unencrypted on the backing Kubernetes objects and returned verbatim by the API endpoints that serve those objects, so any user with one of these non-administrative roles could harvest them. Exploitation requires a valid account with one of the listed roles; it needs no administrative privilege and no user interaction, which is why the vector carries PR:L and S:C.
Recommendations: Upgrade SUSE Rancher 2.5.x to 2.5.16 or later and Rancher 2.6.x to 2.6.7 or later. No configuration change removes the exposure on an unpatched release; until the upgrade is complete, limit who holds the Cluster Owner, Cluster Member, Project Owner and Project Member roles and record who has held them. Because any such user may already have read the stored values, rotate the affected credentials, passwords and API tokens after upgrading, and confirm that the upgraded API no longer returns them in cleartext.
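The confirmation step above can be scripted. The following is an added example, not Rancher's own code: it walks a JSON API response and reports every credential-like field whose value is present in cleartext, skipping values that merely reference a Kubernetes Secret as `namespace:name`, and produces a redacted copy that is safe to attach to a ticket. The sample response is constructed to resemble a Rancher v3 collection; its field names, the key-name patterns, the secret-reference format and the `https://rancher.example` URL are assumptions, not taken from this advisory.

```python
"""Audit a Rancher (or any) JSON API response for cleartext credentials.

Added example, not Rancher's code. Feed it the body of an authenticated GET
against an endpoint that serves credential-bearing objects (URL assumed), e.g.
  curl -s -H "Authorization: Bearer $TOKEN" https://rancher.example/v3/catalogs | python3 audit.py
and review every path it reports; after the upgrade the list should be empty.
"""
import json
import re
import sys

# Field names that usually carry secrets (assumed list; extend per environment).
SENSITIVE_KEY_RE = re.compile(
    r"(password|passwd|secret|token|api_?key|private_?key|credential)",
    re.IGNORECASE,
)

# Assumed shape of a reference to a Kubernetes Secret ("namespace:name"):
# such a value points at a secret instead of containing it, so it is not a
# finding. A real password could match this by accident; review manually.
SECRET_REF_RE = re.compile(
    r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?:[a-z0-9]([a-z0-9.-]*[a-z0-9])?$"
)

REDACTED = "***"


def is_cleartext_secret(key, value):
    """True when `key` looks like a credential field and `value` holds the
    credential itself rather than a secret reference."""
    if not isinstance(value, str) or not value:
        return False
    if not SENSITIVE_KEY_RE.search(key):
        return False
    return SECRET_REF_RE.match(value) is None


def find_cleartext_secrets(obj, path="$"):
    """Recursively collect JSONPath-style locations of cleartext credentials."""
    findings = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}"
            if is_cleartext_secret(key, value):
                findings.append(child)
            findings.extend(find_cleartext_secrets(value, child))
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            findings.extend(find_cleartext_secrets(value, f"{path}[{index}]"))
    return findings


def redact(obj):
    """Return a copy with cleartext credentials replaced by REDACTED so the
    dump can be shared. Secret references and all other data stay intact."""
    if isinstance(obj, dict):
        return {k: (REDACTED if is_cleartext_secret(k, v) else redact(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


# Constructed sample resembling a /v3 collection response; not real data.
SAMPLE_RESPONSE = json.loads("""
{
  "type": "collection",
  "resourceType": "catalog",
  "data": [
    {"id": "internal-helm", "url": "https://charts.example.internal",
     "username": "deploy", "password": "S3cretP@ss"},
    {"id": "public-helm", "url": "https://charts.example.org"},
    {"id": "migrated-helm", "url": "https://charts.example.internal",
     "username": "deploy",
     "password": "cattle-global-data:internal-helm-credentials"}
  ]
}
""")


def audit(raw_json):
    """Parse an API body and return (findings, redacted_copy)."""
    doc = json.loads(raw_json)
    return find_cleartext_secrets(doc), redact(doc)


if __name__ == "__main__":
    # Read the response from stdin; fall back to the constructed sample.
    body = sys.stdin.read() if not sys.stdin.isatty() else json.dumps(SAMPLE_RESPONSE)
    findings, safe_copy = audit(body)
    for location in findings:
        print(f"cleartext credential at {location}")
    print(json.dumps(safe_copy, indent=2))
```

Run it once with the role that the advisory names (a Project Member is enough) rather than an administrator, since the point is what a low-privilege account can see; a non-empty report on an upgraded instance means a credential has not been migrated and should be rotated and re-entered.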

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Information Disclosure

Insufficiently Protected Credentials

Related Identifiers

BDU:2022-05603
CVE-2021-36783
GHSA-8W87-58W6-HFV8

Affected Products

Suse Rancher