1193992 – (CVE-2021-4200) VUL-0: CVE-2021-4200: Rancher: Write access to the Catalog for any user when restricted-admin role is enabled

Bug 1193992 (CVE-2021-4200) - VUL-0: CVE-2021-4200: Rancher: Write access to the Catalog for any user when restricted-admin role is enabled

Summary: VUL-0: CVE-2021-4200: Rancher: Write access to the Catalog for any user when ...

Status:	RESOLVED FIXED

Alias:	CVE-2021-4200

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Critical
Target Milestone:	---
Assignee:	Johannes Segitz
QA Contact:	Security Team bot

URL:	https://github.com/rancherlabs/embarg...
Whiteboard:
Keywords:

Depends on:
Blocks:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 2 Johannes Segitz 2022-01-05 08:07:50 UTC

Please use CVE-2021-4200

Comment 3 Guilherme Macedo 2022-04-15 08:17:16 UTC

Advisory is now public in https://github.com/rancher/rancher/security/advisories/GHSA-hx8w-ghh8-r4xf .

Comment 4 Guilherme Macedo 2023-01-25 13:51:59 UTC

Marking this issue as fixed.