What is CVE-2021-36782?

CVE-2021-36782 is a critical-severity vulnerability in Suse Rancher, classified under Cleartext Storage of Sensitive Information. CVSS score: 9.9/10. Published 2022-09-07.

How severe is CVE-2021-36782?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Is CVE-2021-36782 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Suse Rancher

CVE-2021-36782

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensi…

EPSS: 0.796 (99.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Suse Rancher — versions Rancher

Weakness classification (CWE)

CWE-312 — Cleartext Storage of Sensitive Information

Public proof-of-concept exploits

References

bugzilla.suse.com/show_bug.cgi (x_refsource_CONFIRM)
github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-36782?: CVE-2021-36782 is a critical-severity vulnerability in Suse Rancher, classified under Cleartext Storage of Sensitive Information. CVSS score: 9.9/10. Published 2022-09-07.
How severe is CVE-2021-36782?: Critical severity. CVSS v3 base score is 9.9 out of 10.
Is CVE-2021-36782 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.