CVE-2021-36776

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-36776

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36776.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-36776

Aliases

Published

2022-04-04T13:15:07.530Z

Modified

2025-11-14T12:06:59.618629Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10.

References

https://bugzilla.suse.com/show_bug.cgi?id=1189413

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type: GIT
Repo: https://github.com/rancher/rancher
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

074997087ad65d6e0dd3551201e9929804e853c9

Affected versions

v2.*

v2.0.0

v2.0.0-alpha11

v2.0.0-alpha12

v2.0.0-alpha14

v2.0.0-alpha17

v2.0.0-alpha18

v2.0.0-alpha19

v2.0.0-alpha20

v2.0.0-alpha21

v2.0.0-alpha22

v2.0.0-alpha23

v2.0.0-alpha24

v2.0.0-alpha25

v2.0.0-alpha26

v2.0.0-alpha27

v2.0.0-alpha28

v2.0.0-beta1

v2.0.0-beta2

v2.0.0-beta3

v2.0.0-beta3-rc1

v2.0.0-beta4

v2.0.0-beta4-rc1

v2.0.0-beta4-rc2

v2.0.0-beta4-rc3

v2.0.0-beta4-rc4

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.0-rc4

v2.0.0-rc5

v2.0.1

v2.0.1-rc1

v2.0.1-rc2

v2.0.1-rc3

v2.0.1-rc4

v2.0.1-rc5

v2.0.1-rc6

v2.0.2

v2.0.2-rc1

v2.0.3

v2.0.3-rc1

v2.0.3-rc2

v2.0.3-rc3

v2.0.3-rc4

v2.0.3-rc5

v2.0.4

v2.0.4-rc1

v2.0.5

v2.0.5-rc1

v2.0.5-rc2

v2.0.5-rc3

v2.0.5-rc4

v2.0.5-rc5

v2.0.5-rc6

v2.0.6

v2.0.6-rc1

v2.0.6-rc2

v2.0.7

v2.0.7-rc1

v2.0.7-rc2

v2.0.7-rc3

v2.0.7-rc4

v2.0.7-rc5

v2.0.7-rc6

v2.0.8

v2.0.8-rc2

v2.0.8-rc3

v2.0.8-rc4

v2.0.8-rc5

v2.0.8-rc6

v2.1.0

v2.1.0-rc1

v2.1.0-rc10

v2.1.0-rc2

v2.1.0-rc3

v2.1.0-rc4

v2.1.0-rc5

v2.1.0-rc6

v2.1.0-rc7

v2.1.0-rc8

v2.1.0-rc9

v2.2.0

v2.2.0-rc1

v2.2.0-rc10

v2.2.0-rc11

v2.2.0-rc12

v2.2.0-rc13

v2.2.0-rc14

v2.2.0-rc15

v2.2.0-rc2

v2.2.0-rc3

v2.2.0-rc4

v2.2.0-rc5

v2.2.0-rc6

v2.2.0-rc7

v2.2.0-rc8

v2.2.0-rc9

v2.3.0-alpha4

v2.3.0-alpha5

v2.3.0-alpha6

v2.3.0-alpha7

v2.3.0-rc1

v2.3.0-rc10

v2.3.0-rc2

v2.3.0-rc3

v2.3.0-rc4

v2.3.0-rc5

v2.3.0-rc6

v2.3.0-rc7

v2.3.0-rc8

v2.3.0-rc9

v2.3.7-draft

v2.4.0-alpha1

v2.4.0-rc1

v2.4.0-rc10

v2.4.0-rc11

v2.4.0-rc2

v2.4.0-rc3

v2.4.0-rc4

v2.4.0-rc5

v2.4.0-rc6

v2.4.0-rc7

v2.4.0-rc8

v2.4.0-rc9

v2.5.0

v2.5.0-alpha1

v2.5.0-alpha2

v2.5.0-alpha3

v2.5.0-alpha4

v2.5.0-alpha5

v2.5.0-rc1

v2.5.0-rc2

v2.5.0-rc3

v2.5.0-rc4

v2.5.0-rc5

v2.5.0-rc6

v2.5.0-rc7

v2.5.0-rc8

v2.5.0-rc9

v2.5.1

v2.5.1-rc1

v2.5.10-rc1

v2.5.10-rc2

v2.5.10-rc3

v2.5.10-rc4

v2.5.10-rc5

v2.5.10-rc6

v2.5.2

v2.5.2-rc

v2.5.2-rc1

v2.5.2-rc10

v2.5.2-rc2

v2.5.2-rc3

v2.5.2-rc4

v2.5.2-rc5

v2.5.2-rc6

v2.5.2-rc7

v2.5.2-rc8

v2.5.2-rc9

v2.5.4

v2.5.4-rc1

v2.5.4-rc2

v2.5.4-rc3

v2.5.4-rc4

v2.5.4-rc5

v2.5.4-rc6

v2.5.4-rc7

v2.5.4-rc8

v2.5.4-rc9

v2.5.6

v2.5.6-rc1

v2.5.6-rc2

v2.5.6-rc3

v2.5.6-rc4

v2.5.6-rc5

v2.5.6-rc6

v2.5.6-rc7

v2.5.6-rc8

v2.5.6-rc9

v2.5.8

v2.5.8-rc10

v2.5.8-rc11

v2.5.8-rc12

v2.5.8-rc13

v2.5.8-rc14

v2.5.8-rc15

v2.5.8-rc16

v2.5.8-rc17

v2.5.8-rc18

v2.5.8-rc19

v2.5.8-rc2

v2.5.8-rc20

v2.5.8-rc21

v2.5.8-rc3

v2.5.8-rc4

v2.5.8-rc5

v2.5.8-rc6

v2.5.8-rc7

v2.5.8-rc8

v2.5.8-rc9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36776.json"