How severe is CVE-2021-31999?

CVE-2021-31999 has a CVSS v3 score of 8.8 (HIGH).

CVE-2021-31999

Name: rancher
Author: rancher

8.8HIGH

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group

Published: 7/15/2021Updated: 11/21/2024

Description

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16.

AI AnalysisPowered by AI

Affected Products

rancherrancher

References

https://bugzilla.suse.com/show_bug.cgi?id=1187084
Issue TrackingRelease NotesThird Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1187084
Issue TrackingRelease NotesThird Party Advisory