In Rancher versions >= 2.6.0, < 2.6.14, >= 2.7.0, < 2.7.10, >= 2.8.0, < 2.8.2 a high severity vulnerability CVE-2023-22649 was detected. This vulnerability may expose sensitive data in Rancher’s audit logs if audit logging is enabled and the audit level is set to 1 or above. To fix this problem, users should upgrade to the latest version 2.6.14, 2.7.10 and 2.8.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-22649.
Read more Data Analytics
In Rancher versions >=2.7.0, < 2.7.14, >=2.8.0, <2.8.5 a high severity vulnerability CVE-2023-22650 was detected. This vulnerability allows deleted, disabled, or revoked users from an authentication provider to retain access in Rancher, leaving their tokens still usable. To fix this problem, users should upgrade to the latest version 2.7.14 and 2.8.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-22650.
Read more Data Analytics