Go module
github.com/rancher/rancher
history
arrow_drop_downv2.1.4+incompatible
Newer version availablehistory
arrow_drop_downv2.1.4+incompatible
Newer version availablehistoryNewer version available
arrow_drop_downPublished
remove
Licenses
Licenses
remove
Apache-2.0
Security Advisories
In this package
remove
GHSA-28g7-896h-695vRancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
remove
GHSA-2p4g-jrmx-r34mRancher Login Parameter Can Be Edited
remove
GHSA-53pj-67m4-9w98Rancher code injection via fluentd config commands
remove
GHSA-6m8r-jh89-rq7hRancher Cross-site Scripting Vulnerability
remove
GHSA-6r7x-4q7g-h83jRancher Project Members Have Continued Access to Namespaces After Being Removed From Them
remove
GHSA-9qq2-xhmc-h9qrAccess Control Bypass
remove
GHSA-f9xf-jq4j-vqw4Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
remove
GHSA-gc62-j469-9gjmRancher Privilege Escalation Vulnerability
remove
GHSA-pvxj-25m6-7vqrRancher Privilege escalation vulnerability via malicious "Connection" header
remove
GHSA-wm2r-rp98-8pmhExposure of SSH credentials in Rancher/Fleet
remove
GHSA-xh8x-j8h3-m5phRancher Recreates Default User With Known Password Despite Deletion
remove
GHSA-xhg2-rvm8-w2jhRancher Vulnerable to Cross-site Request Forgery (CSRF)
remove
GO-2022-0644Access Control Bypass in github.com/rancher/rancher
remove
GO-2022-0755Cross-site request forgery in github.com/rancher/rancher
remove
GO-2023-1991Rancher Privilege Escalation Vulnerability in github.com/rancher/rancher
remove
GO-2024-2535Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher
remove
GO-2024-2537Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher
remove
GO-2024-2760Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in github.com/rancher/rancher
remove
GO-2024-2761Rancher Login Parameter Can Be Edited in github.com/rancher/rancher
remove
GO-2024-2762Rancher code injection via fluentd config commands in github.com/rancher/rancher
remove
GO-2024-2764Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher
remove
GO-2024-2768Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources in github.com/rancher/rancher
remove
GO-2024-2771Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher
remove
GO-2024-2778Rancher Privilege escalation vulnerability via malicious "Connection" header in github.com/rancher/rancher
remove
GO-2024-2784Rancher Recreates Default User With Known Password Despite Deletion in github.com/rancher/rancher
remove
GO-2024-2929Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher
remove
GO-2024-2931Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher
remove
GO-2024-2932Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher
remove
GO-2024-3161Rancher agents can be hijacked by taking over the Rancher Server URL in github.com/rancher/rancher
remove
GO-2024-3220Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rancher
remove
GO-2024-3221Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher
remove
GO-2024-3223Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher
remove
GO-2024-3280Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher
remove
GO-2025-3391Rancher UI has Stored Cross-site Scripting vulnerability in github.com/rancher/rancher
remove
GO-2025-3489Rancher's SAML-based login via CLI can be denied by unauthenticated users in github.com/rancher/rancher
remove
GO-2025-3490Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login in github.com/rancher/rancher
remove
GO-2025-3491Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API in github.com/rancher/rancher
remove
GO-2025-3586Rancher: Restricted Administrator can change Administrator's passwords in github.com/rancher/rancher
remove
GO-2025-3647Rancher users who can create Projects can gain access to arbitrary projects in github.com/rancher/rancher
Capabilities
No analysis results for version.
No analysis results for version.