Explaining security vulnerabilities addressed in Rancher v2.1.6 and v2.0.11
-
Today we announced releases v2.1.6 and v2.0.11 to address two security vulnerabilities recently discovered in Rancher. The first vulnerability allows users in the Default project of a cluster to escalate privileges to that of a cluster admin through a service account. The second vulnerability allows members to have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. You can view the official CVEs here CVE-2018-20321 and here CVE-2019-6287.
https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11/
© Lightnetics 2024