Vulnerability Description
An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod and then use that pod to run commands against the Kubernetes cluster with administrative privileges. This could be mitigated by isolating the default namespace in a separate project to which only cluster admins can be given access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.
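An audit a cluster admin could run while applying the mitigation, added here as an example and not taken from Rancher or the advisory: it lists pods in the default namespace that run as the netes-default service account, reading the JSON that `kubectl get pods --all-namespaces -o json` prints. The function name, the sample pods and the `-` argument are assumptions of this example.

```python
import json
import sys

SERVICE_ACCOUNT = "netes-default"  # account name as written in the advisory
NAMESPACE = "default"              # namespace named in the advisory

def find_pods_using_account(pod_list, namespace=NAMESPACE, account=SERVICE_ACCOUNT):
    """Return a finding for every pod in `namespace` that runs as `account`."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        if meta.get("namespace") != namespace:
            continue  # service accounts are namespaced; the same name elsewhere is another account
        # serviceAccount is the deprecated alias of serviceAccountName
        sa = spec.get("serviceAccountName") or spec.get("serviceAccount") or "default"
        if sa != account:
            continue
        owners = [f"{o.get('kind')}/{o.get('name')}" for o in meta.get("ownerReferences") or []]
        findings.append({
            "pod": meta.get("name"),
            "owners": owners or ["<none: created directly>"],
            # An explicit false in the pod spec stops the token from being auto-mounted
            "token_automounted": spec.get("automountServiceAccountToken") is not False,
            "created": meta.get("creationTimestamp"),
        })
    return findings

# Constructed sample in the shape of `kubectl get pods --all-namespaces -o json`
SAMPLE = {"items": [
    {"metadata": {"name": "web-1", "namespace": "default", "creationTimestamp": "2019-01-10T08:00:00Z",
                  "ownerReferences": [{"kind": "ReplicaSet", "name": "web"}]},
     "spec": {"serviceAccountName": "default"}},
    {"metadata": {"name": "tools-pod", "namespace": "default", "creationTimestamp": "2019-01-12T21:14:03Z"},
     "spec": {"serviceAccountName": "netes-default"}},
    {"metadata": {"name": "job-x", "namespace": "default", "creationTimestamp": "2019-01-13T02:00:00Z",
                  "ownerReferences": [{"kind": "Job", "name": "x"}]},
     "spec": {"serviceAccount": "netes-default", "automountServiceAccountToken": False}},
    {"metadata": {"name": "other", "namespace": "team-a", "creationTimestamp": "2019-01-13T03:00:00Z"},
     "spec": {"serviceAccountName": "netes-default"}},
]}

if __name__ == "__main__":
    # Pass "-" to read real kubectl JSON from stdin; otherwise use the constructed sample
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for f in find_pods_using_account(data):
        print(f"{f['created']}  {f['pod']}  owners={','.join(f['owners'])}  "
              f"token_automounted={f['token_automounted']}")
```

A pod with no owner reference was created directly rather than by a controller, which makes its creation timestamp the first thing to correlate with project-member activity.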
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | Rancher | >= 2.0.0, <= 2.1.5 |
References
- https://forums.rancher.com/c/announcements (Vendor Advisory)
- https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-add (Mitigation, Vendor Advisory)
FAQ
What is CVE-2018-20321?
CVE-2018-20321 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute admin...
How severe is CVE-2018-20321?
CVE-2018-20321 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-20321?
Check the references section above for vendor advisories and patch information. Affected products include: SUSE Rancher.