Bug 1185514 – CVE-2021-25320: rancher: Cloud credentials can be used through proxy API by users without access

Bug 1185514 - (CVE-2021-25320) CVE-2021-25320: rancher: Cloud credentials can be used through proxy API by users without access

(CVE-2021-25320)
Summary:	CVE-2021-25320: rancher: Cloud credentials can be used through proxy API by u...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Critical
Target Milestone:	---
Assigned To:	Johannes Segitz
QA Contact:	Security Team bot

URL:	https://github.com/rancherlabs/ranche...
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 1 Johannes Segitz 2021-05-03 06:27:54 UTC

Please use CVE-2021-25320 for this

Comment 2 Johannes Segitz 2021-07-15 08:19:08 UTC

public:
https://github.com/rancher/rancher/releases/tag/v2.5.9
https://github.com/rancher/rancher/releases/tag/v2.4.16

Comment 3 Johannes Segitz 2021-07-30 09:08:11 UTC

released