06 Jui 2019
Vulnérabilité CVE-2019-12274 CVE Vulnerability
In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml. (CVSS:0.0) (Last Update:2019-06-06)
Vulnerability Details : In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml. Publish Date : 2019-06-06 Last Update Date : 2019-06-06 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2019-12274
- References For CVE-2019-12274
| |||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2019-12274There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |