Skip to main content

Reliance on Untrusted Inputs in a Security Decision

CVE-2021-31999

Severity High
Score 8.8/10

Summary

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects Rancher versions prior to 2.4.16 and 2.5.x prior to 2.5.9.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-807 - Reliance on Untrusted Inputs in a Security Decision

The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

Advisory Timeline

  • Published