Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-20321

An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Products affected by CVE-2018-20321
  • Suse » Rancher » Version: 2.0.0
    cpe:2.3:a:suse:rancher:2.0.0
  • Suse » Rancher » Version: 2.0.1
    cpe:2.3:a:suse:rancher:2.0.1
  • Suse » Rancher » Version: 2.0.10
    cpe:2.3:a:suse:rancher:2.0.10
  • Suse » Rancher » Version: 2.0.11
    cpe:2.3:a:suse:rancher:2.0.11
  • Suse » Rancher » Version: 2.0.12
    cpe:2.3:a:suse:rancher:2.0.12
  • Suse » Rancher » Version: 2.0.13
    cpe:2.3:a:suse:rancher:2.0.13
  • Suse » Rancher » Version: 2.0.2
    cpe:2.3:a:suse:rancher:2.0.2
  • Suse » Rancher » Version: 2.0.3
    cpe:2.3:a:suse:rancher:2.0.3
  • Suse » Rancher » Version: 2.0.4
    cpe:2.3:a:suse:rancher:2.0.4
  • Suse » Rancher » Version: 2.0.5
    cpe:2.3:a:suse:rancher:2.0.5
  • Suse » Rancher » Version: 2.0.6
    cpe:2.3:a:suse:rancher:2.0.6
  • Suse » Rancher » Version: 2.0.7
    cpe:2.3:a:suse:rancher:2.0.7
  • Suse » Rancher » Version: 2.0.8
    cpe:2.3:a:suse:rancher:2.0.8
  • Suse » Rancher » Version: 2.0.9
    cpe:2.3:a:suse:rancher:2.0.9
  • Suse » Rancher » Version: 2.1.0
    cpe:2.3:a:suse:rancher:2.1.0
  • Suse » Rancher » Version: 2.1.1
    cpe:2.3:a:suse:rancher:2.1.1
  • Suse » Rancher » Version: 2.1.2
    cpe:2.3:a:suse:rancher:2.1.2
  • Suse » Rancher » Version: 2.1.3
    cpe:2.3:a:suse:rancher:2.1.3
  • Suse » Rancher » Version: 2.1.4
    cpe:2.3:a:suse:rancher:2.1.4
  • Suse » Rancher » Version: 2.1.5
    cpe:2.3:a:suse:rancher:2.1.5


Products
Pricing
Contact Us

Shodan ® - All rights reserved