x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-f9xf-jq4j-vqw4 #2768
Description
In GitHub Security Advisory GHSA-f9xf-jq4j-vqw4, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/rancher/rancher | 2.5.9 | >= 2.5.0, < 2.5.9 |
Cross references:
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-wm2r-rp98-8pmh #439 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-21951 #464 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-4fc7-hc63-7fjg #551 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-hx8w-ghh8-r4xf #605 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-jwvr-vv7p-gpwq, CVE-2021-36784 #610 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-9qq2-xhmc-h9qr #644 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36782 #973 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36783 #974 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-31247 #975 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-34p5-jp77-fcrc #1511 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-7m72-mh5r-6j3r #1513 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-8c69-r38j-rpfj #1514 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-c45c-39f6-6gw9 #1516 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-cq4p-vp5q-4522 #1517 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-g25r-gvq3-wrq7 #1518 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6m9f-pj6w-w87g #1736 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-43760 #1814 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22647 #1815 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22648 #1816 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-8vhc-hwhc-cpj4 #1825 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6m8r-jh89-rq7h #1905 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-w3x4-9854-95x8 #1973 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-gc62-j469-9gjm #1991 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-c85r-fwc7-45vc #2535 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-xfj7-qf8w-2gcr #2537 EFFECTIVELY_PRIVATE
- Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher/server: GHSA-xhg2-rvm8-w2jh #755
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/rancher/rancher
versions:
- introduced: 2.5.0
fixed: 2.5.9
packages:
- package: github.com/rancher/rancher
- module: github.com/rancher/rancher
versions:
- introduced: 2.0.0
fixed: 2.4.16
packages:
- package: github.com/rancher/rancher
summary: |-
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC
resources in github.com/rancher/rancher
cves:
- CVE-2021-25318
ghsas:
- GHSA-f9xf-jq4j-vqw4
references:
- web: https://nvd.nist.gov/vuln/detail/CVE-2021-25318
- report: https://github.com/rancher/rancher/issues/33590
- web: https://bugzilla.suse.com/show_bug.cgi?id=1184913
- advisory: https://github.com/advisories/GHSA-f9xf-jq4j-vqw4
source:
id: GHSA-f9xf-jq4j-vqw4