CVE-2021-25318

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-25318

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25318.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-25318

Aliases

Published

2021-07-15T09:15:07.777Z

Modified

2026-03-13T01:53:44.037268Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9 ; Rancher versions prior to 2.4.16.

References

https://bugzilla.suse.com/show_bug.cgi?id=1184913

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type

GIT

Repo

https://github.com/rancher/rancher

Events

Introduced

Fixed

c29a771063e6926df6916990f1730e0574042ba8

Introduced

65f3525cdc1167872af4140d45f3153698450c52

Fixed

3c54189441fdac08fd4a1b3113216e085004f061

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.16"
        },
        {
            "introduced": "2.5.0"
        },
        {
            "fixed": "2.5.9"
        }
    ]
}

Affected versions

v2.*

v2.5.0

v2.5.0-rc9

v2.5.1

v2.5.1-rc1

v2.5.2

v2.5.2-rc

v2.5.2-rc1

v2.5.2-rc10

v2.5.2-rc2

v2.5.2-rc3

v2.5.2-rc4

v2.5.2-rc5

v2.5.2-rc6

v2.5.2-rc7

v2.5.2-rc8

v2.5.2-rc9

v2.5.4

v2.5.4-rc1

v2.5.4-rc2

v2.5.4-rc3

v2.5.4-rc4

v2.5.4-rc5

v2.5.4-rc6

v2.5.4-rc7

v2.5.4-rc8

v2.5.4-rc9

v2.5.6

v2.5.6-rc1

v2.5.6-rc2

v2.5.6-rc3

v2.5.6-rc4

v2.5.6-rc5

v2.5.6-rc6

v2.5.6-rc7

v2.5.6-rc8

v2.5.6-rc9

v2.5.8

v2.5.8-patch1

v2.5.8-rc10

v2.5.8-rc11

v2.5.8-rc12

v2.5.8-rc13

v2.5.8-rc14

v2.5.8-rc15

v2.5.8-rc16

v2.5.8-rc17

v2.5.8-rc18

v2.5.8-rc19

v2.5.8-rc2

v2.5.8-rc20

v2.5.8-rc21

v2.5.8-rc3

v2.5.8-rc4

v2.5.8-rc5

v2.5.8-rc6

v2.5.8-rc7

v2.5.8-rc8

v2.5.8-rc9

v2.5.9-rc1

v2.5.9-rc10

v2.5.9-rc11

v2.5.9-rc12

v2.5.9-rc13

v2.5.9-rc14

v2.5.9-rc15

v2.5.9-rc2

v2.5.9-rc3

v2.5.9-rc4

v2.5.9-rc5

v2.5.9-rc6

v2.5.9-rc7

v2.5.9-rc8

v2.5.9-rc9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25318.json"