Skip to main content

Incorrect Permission Assignment for Critical Resource

CVE-2021-25318

Severity High
Score 8.8/10

Summary

A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects Rancher versions prior to 2.4.16 and 2.5.x prior to 2.5.9.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-732 - Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Advisory Timeline

  • Published