Rancher Node Driver Options Unauthorized Access Vulnerability

By GIXnews


A vulnerability in the built-in node drivers of Rancher could allow an authenticated, remote attacker to gain unauthorized access to a targeted system.

The vulnerability exists because the built-in node drivers of the affected software have a file path option that allows an affected system to read arbitrary files, such as /root/.kube/config. An attacker with access to the targeted system could exploit this vulnerability to access sensitive information, which the attacker could use to gain unauthorized access to the management plane of the affected software. A successful exploit could be used to conduct further attacks.

Rancher has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-12274

Source: Cisco Multivendor Vulnerability Alerts