VDB
CVE-2021-25320
CVE-2021-25320
PUBLISHED
CVSS 4 MEDIUM
A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.
EPSS 0.20% · 41.9th percentile
Risk Scores
CVSS 2.0
4
EPSS Score
0.20%
41.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| rancher | rancher | 0, 2.5.0, 2.5.0 |
| Rancher | Rancher | *, Rancher, Rancher |
| github.com | rancher/rancher | 2.2.0, 2.2.0, 2.5.0 |
Timeline
- Jul 15, 2021 CVE Published
- Jul 16, 2021 EPSS Score
- Sep 14, 2021 EPSS Score
- Nov 12, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 11, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 10, 2022 EPSS Score
- Jul 9, 2022 EPSS Score
- Sep 7, 2022 EPSS Score
- Nov 6, 2022 EPSS Score