CVE-2021-25320 - OpenCVE

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Rancher	Rancher

Configuration 1 [-]

OR	cpe:2.3:a:rancher:rancher::::::::
	cpe:2.3:a:rancher:rancher::::::::

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=1185514	Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: suse

Published: 2021-07-15T00:00:00

Updated: 2021-07-15T08:55:17

Reserved: 2021-01-19T00:00:00

Link: CVE-2021-25320

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-07-15T09:15:08.143

Modified: 2022-10-25T18:09:39.017

Link: CVE-2021-25320

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Rancher", "vendor": "Rancher", "versions": [{"lessThan": "2.5.9", "status": "affected", "version": "Rancher", "versionType": "custom"}]}, {"product": "Rancher", "vendor": "Rancher", "versions": [{"lessThan": "2.4.16", "status": "affected", "version": "Rancher", "versionType": "custom"}]}], "datePublic": "2021-07-15T00:00:00", "descriptions": [{"lang": "en", "value": "A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-15T08:55:17", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1185514"}], "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1185514", "defect": ["1185514"], "discovery": "INTERNAL"}, "title": "Rancher: Cloud credentials can be used through proxy API by users without access", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2021-07-15T00:00:00.000Z", "ID": "CVE-2021-25320", "STATE": "PUBLIC", "TITLE": "Rancher: Cloud credentials can be used through proxy API by users without access"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Rancher", "version": {"version_data": [{"version_affected": "<", "version_name": "Rancher", "version_value": "2.5.9"}]}}, {"product_name": "Rancher", "version": {"version_data": [{"version_affected": "<", "version_name": "Rancher", "version_value": "2.4.16"}]}}]}, "vendor_name": "Rancher"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284: Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.suse.com/show_bug.cgi?id=1185514", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1185514"}]}, "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1185514", "defect": ["1185514"], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2021-25320", "datePublished": "2021-07-15T00:00:00", "dateReserved": "2021-01-19T00:00:00", "dateUpdated": "2021-07-15T08:55:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rancher:rancher:*:*:*:*:*:*:*:*", "matchCriteriaId": "61F2398D-29ED-4CD4-A229-186EF99BB4E8", "versionEndExcluding": "2.4.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:rancher:rancher:*:*:*:*:*:*:*:*", "matchCriteriaId": "67B096D9-719A-43C1-8B49-AF0C09A30715", "versionEndExcluding": "2.5.9", "versionStartIncluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16."}, {"lang": "es", "value": "Una vulnerabilidad de Control de Acceso Inapropiado en Rancher, permite a usuarios del cluster hacer peticiones a los proveedores de la nube al crear peticiones con el ID de la credencial de la nube. Rancher en este caso adjuntar\u00eda las credenciales solicitadas sin m\u00e1s comprobaciones. Este problema afecta a: Versiones de Rancher anteriores a 2.5.9; versiones de Rancher anteriores a 2.4.16"}], "id": "CVE-2021-25320", "lastModified": "2022-10-25T18:09:39.017", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2021-07-15T09:15:08.143", "references": [{"source": "meissner@suse.de", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1185514"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "meissner@suse.de", "type": "Secondary"}]}