PT-2024-4208 · Rancher · Rancher+1

Pdellamore

·

Published

2024-06-16

·

Updated

2024-11-09

·

CVE-2023-32191

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Rancher Kubernetes Engine (RKE) versions prior to 1.4.19 Rancher Kubernetes Engine (RKE) versions prior to 1.5.10 Rancher versions prior to 2.7.14 Rancher versions prior to 2.8.5
Description The issue is related to the storage of cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. This cluster state object contains sensitive data, including SSH private keys, cloud provider credentials, and encryption keys. Non-admin users can escalate to admin by accessing this configmap. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include:
  • API Endpoints: Not specified
  • Vulnerable Parameters or Variables: full-cluster-state configmap, RancherKubernetesEngineConfig, RKENodeConfig, SSH username, SSH private key, SSH private key path, RKEConfigServices, ETCDService, External client key, BackupConfig, S3BackupConfig, AWS access key, AWS secret key, KubeAPIService, SecretsEncryptionConfig, K8s encryption configuration, PrivateRegistries, User, Password, ECRCredentialPlugin, AWS access key, AWS secret key, AWS session token, CloudProvider, AzureCloudProvider, AAD client ID, AAD client secret, AAD client cert password, OpenstackCloudProvider, Username, User ID, Password, VsphereCloudProvider, GlobalVsphereOpts, User, Password, VirtualCenterConfig, User, Password, HarvesterCloudProvider, CloudConfig, CustomCloudProvider, BastionHost, User, SSH key, CertificatesBundle, Private key, EncryptionConfig, Private key
  • Function Names: Not specified
Recommendations For RKE versions prior to 1.4.19, upgrade to version 1.4.19 or later. For RKE versions prior to 1.5.10, upgrade to version 1.5.10 or later. For Rancher versions prior to 2.7.14, upgrade to version 2.7.14 or later. For Rancher versions prior to 2.8.5, upgrade to version 2.8.5 or later. As a temporary workaround, consider restricting access to the full-cluster-state configmap to minimize the risk of exploitation.

Fix

Cleartext Storage of Sensitive Information

Information Disclosure

Insecure Storage of Sensitive Information

Weakness Enumeration

CWE-312CWE-200CWE-922

Related Identifiers

BDU:2024-04694
CVE-2023-32191
GHSA-6GR4-52W6-VMQX
GO-2024-2930

Affected Products

Rancher
Rancher Kubernetes Engine