SUSE Rancher kde2 missing encryption


A vulnerability was found in SUSE Rancher (version unknown). It has been classified as problematic. An unknown part of the component kde2 is affected. No information about possible countermeasures is known. Replacing the affected object with an alternative product may be advisable.

Timeline

Analyzing the timeline helps to identify the approach and handling required for single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

[Timeline charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 11492338 | 08/05/2021 | VulD... | cve_cna | SUSE | nvd.nist.gov | 08/05/2021 | accepted | 70 |
| 11492337 | 08/05/2021 | VulD... | confirm_url | https://bugzilla.suse.com/show_bug.cgi?id=1188453 | cve.mitre.org | 08/05/2021 | accepted | 70 |
| 11492336 | 08/05/2021 | VulD... | cve_nvd_summary | A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc) and decrypt it, without having to know the token value. This issue affects: SUSE Rancher K3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions; RKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions. | cve.mitre.org | 08/05/2021 | accepted | 70 |
| 11492335 | 08/05/2021 | VulD... | cve_assigned | 1619992800 | cve.mitre.org | 08/05/2021 | accepted | 70 |
| 11475928 | 07/28/2021 | VulD... | price_0day | $5k-$25k | see exploit price documentation | 07/28/2021 | accepted | 90 |
| 11475927 | 07/28/2021 | VulD... | cvss3_meta_tempscore | 4.3 | see CVSS documentation | 07/28/2021 | accepted | 90 |
| 11475926 | 07/28/2021 | VulD... | cvss3_meta_basescore | 4.3 | see CVSS documentation | 07/28/2021 | accepted | 90 |
| 11475925 | 07/28/2021 | VulD... | cvss3_vuldb_tempscore | 4.3 | see CVSS documentation | 07/28/2021 | accepted | 90 |
| 11475924 | 07/28/2021 | VulD... | cvss3_vuldb_basescore | 4.3 | see CVSS documentation | 07/28/2021 | accepted | 90 |
| 11475923 | 07/28/2021 | VulD... | cvss2_vuldb_tempscore | 4.0 | see CVSS documentation | 07/28/2021 | accepted | 90 |
| 11475922 | 07/28/2021 | VulD... | cvss2_vuldb_basescore | 4.0 | see CVSS documentation | 07/28/2021 | accepted | 90 |
| 11475921 | 07/28/2021 | VulD... | cvss3_vuldb_rl | X | derived from historical data | 07/28/2021 | accepted | 80 |
| 11475920 | 07/28/2021 | VulD... | cvss3_vuldb_e | X | derived from historical data | 07/28/2021 | accepted | 80 |
| 11475919 | 07/28/2021 | VulD... | cvss2_vuldb_rl | ND | derived from historical data | 07/28/2021 | accepted | 80 |
| 11475918 | 07/28/2021 | VulD... | cvss2_vuldb_e | ND | derived from historical data | 07/28/2021 | accepted | 80 |
| 11475917 | 07/28/2021 | VulD... | cvss2_vuldb_au | S | derived from historical data | 07/28/2021 | accepted | 80 |
| 11475916 | 07/28/2021 | VulD... | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 07/28/2021 | accepted | 80 |
| 11475915 | 07/28/2021 | VulD... | cvss2_vuldb_ai | N | derived from vuldb v3 vector | 07/28/2021 | accepted | 80 |
| 11475914 | 07/28/2021 | VulD... | cvss2_vuldb_ii | N | derived from vuldb v3 vector | 07/28/2021 | accepted | 80 |
| 11475913 | 07/28/2021 | VulD... | cvss2_vuldb_ci | P | derived from vuldb v3 vector | 07/28/2021 | accepted | 80 |
