x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-gvh9-xgrq-r8hw #2771

GoVulnBot · 2024-04-24T23:01:29Z

In GitHub Security Advisory GHSA-gvh9-xgrq-r8hw, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/rancher/rancher	2.5.10	>= 2.5.0, <= 2.5.9

Cross references:

Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-wm2r-rp98-8pmh #439 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-21951 #464 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-4fc7-hc63-7fjg #551 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-hx8w-ghh8-r4xf #605 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-jwvr-vv7p-gpwq, CVE-2021-36784 #610 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-9qq2-xhmc-h9qr #644 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36782 #973 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36783 #974 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-31247 #975 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-34p5-jp77-fcrc #1511 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-7m72-mh5r-6j3r #1513 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-8c69-r38j-rpfj #1514 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-c45c-39f6-6gw9 #1516 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-cq4p-vp5q-4522 #1517 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-g25r-gvq3-wrq7 #1518 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6m9f-pj6w-w87g #1736 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-43760 #1814 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22647 #1815 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22648 #1816 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-8vhc-hwhc-cpj4 #1825 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6m8r-jh89-rq7h #1905 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-w3x4-9854-95x8 #1973 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-gc62-j469-9gjm #1991 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-c85r-fwc7-45vc #2535 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-xfj7-qf8w-2gcr #2537 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher/server: GHSA-xhg2-rvm8-w2jh #755

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/rancher/rancher
      versions:
        - introduced: TODO (earliest fixed "2.5.10", vuln range ">= 2.5.0, <= 2.5.9")
      packages:
        - package: github.com/rancher/rancher
summary: |-
    Rancher's Steve API Component Improper authorization check allows privilege
    escalation in github.com/rancher/rancher
cves:
    - CVE-2021-36776
ghsas:
    - GHSA-gvh9-xgrq-r8hw
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2021-36776
    - web: https://bugzilla.suse.com/show_bug.cgi?id=1189413
    - advisory: https://github.com/advisories/GHSA-gvh9-xgrq-r8hw
source:
    id: GHSA-gvh9-xgrq-r8hw

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-04-30T15:58:02Z

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

gopherbot · 2024-06-04T20:42:55Z

Change https://go.dev/cl/590278 mentions this issue: data/reports: add 48 unreviewed reports

tatianab assigned maceonthompson May 10, 2024

tatianab added the triaged label May 23, 2024

gopherbot closed this as completed in 8ed6db9 Jun 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-gvh9-xgrq-r8hw #2771

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-gvh9-xgrq-r8hw #2771

GoVulnBot commented Apr 24, 2024

gopherbot commented Apr 30, 2024

gopherbot commented Jun 4, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-gvh9-xgrq-r8hw #2771

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-gvh9-xgrq-r8hw #2771

Comments

GoVulnBot commented Apr 24, 2024

gopherbot commented Apr 30, 2024

gopherbot commented Jun 4, 2024