x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36782

[GoVulnBot]

CVE-2021-36782 references github.com/rancher/rancher, which may be a Go module.

Description:
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data.
This issue affects:
SUSE Rancher
Rancher versions prior to 2.5.16;
Rancher versions prior to 2.6.7.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2021-36782
• JSON: https://github.com/CVEProject/cvelist/tree/6a9bf4ed6f20fd1b925c11db4c42684ec0d8ca2b/2021/36xxx/CVE-2021-36782.json
• web: https://bugzilla.suse.com/show_bug.cgi?id=1193988
• web: GHSA-g7j7-h4q8-8w2f
• Imported by: https://pkg.go.dev/github.com/rancher/rancher?tab=importedby

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/rancher/rancher
    packages:
      - package: Rancher
description: |
    A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the  Kubernetes API to retrieve plaintext version of sensitive data.
    This issue affects:
    SUSE Rancher
    Rancher versions prior to 2.5.16;
    Rancher versions prior to 2.6.7.
cves:
  - CVE-2021-36782
credit: Florian Struck (from Continum AG) and Marco Stuurman (from Shock Media B.V.)
references:
  - web: https://bugzilla.suse.com/show_bug.cgi?id=1193988
  - web: https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f

[gopherbot]

Change https://go.dev/cl/432779 mentions this issue: data/excluded: add GO-2022-0973.yaml for CVE-2021-36782

[gopherbot]

Change https://go.dev/cl/592774 mentions this issue: data/reports: unexclude 50 reports