| CVE-2017-7297 | high | 8.8 | 8.8 | | | | 9y ago | Rancher Access Control Vulnerability in github.com/rancher/rancher |
| CVE-2026-25705 | high | 8.4 | 8.4 | | | | 17d ago | Rancher Extensions have arbitrary file access via path traversal |
| CVE-2023-22649 | unknown | — | 1.0 | | | | 2y ago | Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher |
| CVE-2021-36782 | unknown | — | 1.0 | | | | 4y ago | Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials |
| CVE-2021-25320 | unknown | — | — | | | | 3mo ago | Rancher cloud credentials can be used through proxy API by users without access in github.com/rancher/rancher |
| CVE-2022-21951 | unknown | — | — | | | | 3mo ago | Rancher's weave CNI password is not configured when a cluster is created from an RKE template |
| CVE-2022-31247 | unknown | — | — | | | | 3mo ago | Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB) |
| CVE-2021-36783 | unknown | — | — | | | | 3mo ago | Rancher doesn't properly sanitize credentials in cluster template answers |
| CVE-2023-22648 | unknown | — | — | | | | 3mo ago | Rancher's Azure AD permission changes are not reflected on active sessions |
| CVE-2025-67601 | unknown | — | — | | | | 4mo ago | Rancher CLI skips TLS verification on Rancher CLI login command in github.com/rancher/rancher |
| CVE-2024-58269 | unknown | — | — | | | | 7mo ago | Rancher exposes sensitive information through audit logs in github.com/rancher/rancher |
| CVE-2023-32199 | unknown | — | — | | | | 7mo ago | Rancher user retains access to clusters despite Global Role removal in github.com/rancher/rancher |
| CVE-2024-58260 | unknown | — | — | | | | 8mo ago | Rancher update on users can deny the service to the admin in github.com/rancher/rancher |
| CVE-2024-58267 | unknown | — | — | | | | 8mo ago | Rancher CLI SAML authentication is vulnerable to phishing attacks in github.com/rancher/rancher |
| CVE-2025-54468 | unknown | — | — | | | | 8mo ago | Rancher sends sensitive information to external services through the `/meta/proxy` endpoint in github.com/rancher/rancher |
| CVE-2024-58259 | unknown | — | — | | | | 9mo ago | Rancher affected by unauthenticated Denial of Service in github.com/rancher/rancher |
| CVE-2024-22031 | unknown | — | — | | | | 1y ago | Rancher users who can create Projects can gain access to arbitrary projects in github.com/rancher/rancher |
| CVE-2025-23391 | unknown | — | — | | | | 1y ago | Rancher: Restricted Administrator can change Administrator's passwords in github.com/rancher/rancher |
| CVE-2025-23389 | unknown | — | — | | | | 1y ago | Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login in github.com/rancher/rancher |
| CVE-2025-23388 | unknown | — | — | | | | 1y ago | Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API in github.com/rancher/rancher |
| CVE-2025-23387 | unknown | — | — | | | | 1y ago | Rancher's SAML-based login via CLI can be denied by unauthenticated users in github.com/rancher/rancher |
| CVE-2024-52281 | unknown | — | — | | | | 1y ago | Rancher UI has Stored Cross-site Scripting vulnerability in github.com/rancher/rancher |
| CVE-2024-52282 | unknown | — | — | | | | 2y ago | Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher |
| CVE-2024-22036 | unknown | — | — | | | | 2y ago | Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher |
| CVE-2022-45157 | unknown | — | — | | | | 2y ago | Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher |
| CVE-2024-22030 | unknown | — | — | | | | 2y ago | Rancher agents can be hijacked by taking over the Rancher Server URL in github.com/rancher/rancher |
| CVE-2024-22032 | unknown | — | — | | | | 2y ago | Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher |
| CVE-2023-32196 | unknown | — | — | | | | 2y ago | Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rancher |
| CVE-2023-32197 | unknown | — | — | | | | 2y ago | Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rancher |
| CVE-2023-22650 | unknown | — | — | | | | 2y ago | Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher |
| CVE-2021-25318 | unknown | — | — | | | | 2y ago | Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources in github.com/rancher/rancher |
| CVE-2021-31999 | unknown | — | — | | | | 2y ago | Rancher Privilege escalation vulnerability via malicious "Connection" header in github.com/rancher/rancher |
| CVE-2021-36776 | unknown | — | — | | | | 2y ago | Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher |
| CVE-2021-36775 | unknown | — | — | | | | 2y ago | Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in github.com/rancher/rancher |
| CVE-2023-32194 | unknown | — | — | | | | 2y ago | Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher |
| CVE-2023-22647 | unknown | — | — | | | | 3y ago | Rancher vulnerable to Privilege Escalation via manipulation of Secrets |
| CVE-2022-43760 | unknown | — | — | | | | 3y ago | Rancher UI has multiple Cross-Site Scripting (XSS) issues |
| CVE-2020-10676 | unknown | — | — | | | | 3y ago | Rancher users retain access after moving namespaces into projects they don't have access to |
| CVE-2023-22651 | unknown | — | — | | | | 3y ago | Rancher Webhook is misconfigured during upgrade process |
| CVE-2022-43757 | unknown | — | — | | | | 3y ago | Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects |
| CVE-2022-43758 | unknown | — | — | | | | 3y ago | Command injection in Rancher Git package |
| CVE-2022-21953 | unknown | — | — | | | | 3y ago | Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster |
| CVE-2022-43759 | unknown | — | — | | | | 3y ago | Privilege escalation in project role template binding (PRTB) and -promoted roles |
| CVE-2022-43755 | unknown | — | — | | | | 3y ago | Rancher cattle-token is predictable |
| CVE-2021-25313 | unknown | — | — | | | | 4y ago | Rancher Cross-site Scripting Vulnerability |
| CVE-2019-11202 | unknown | — | — | | | | 4y ago | Rancher Recreates Default User With Known Password Despite Deletion in github.com/rancher/rancher |
| CVE-2019-11881 | unknown | — | — | | | | 4y ago | Rancher Login Parameter Can Be Edited in github.com/rancher/rancher |
| CVE-2019-12303 | unknown | — | — | | | | 4y ago | Rancher code injection via fluentd config commands in github.com/rancher/rancher |
| CVE-2019-12274 | unknown | — | — | | | | 4y ago | Rancher Privilege Escalation Vulnerability in github.com/rancher/rancher |
| CVE-2019-6287 | unknown | — | — | | | | 4y ago | Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher |
| CVE-2021-36784 | unknown | — | — | | | | 4y ago | Privilege escalation for users with create/update permissions in Global Roles in Rancher |
| CVE-2021-36778 | unknown | — | — | | | | 4y ago | Exposure of repository credentials to external third-party sources in Rancher |
| CVE-2021-4200 | unknown | — | — | | | | 4y ago | Write access to the catalog for any user when restricted-admin role is enabled in Rancher |
| CVE-2018-20321 | unknown | — | — | | | | 5y ago | Access Control Bypass in github.com/rancher/rancher |
| CVE-2019-13209 | unknown | — | — | | | | 5y ago | Cross-site request forgery in github.com/rancher/rancher |