Headline
CVE-2021-36778: Exposure of repository credentials to external third-party sources
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.
First Last Prev Next This bug is not in your last search results.
Bug 1191466 - (CVE-2021-36778) VUL-0: CVE-2021-36778: Rancher: Exposure of repository credentials to external third-party sources
(CVE-2021-36778)
Summary:
VUL-0: CVE-2021-36778: Rancher: Exposure of repository credentials to externa…
Status:
NEW
Classification:
Novell Products
Product:
SUSE Security Incidents
Classification:
Novell Products
Component:
Incidents
Version:
unspecified
Hardware:
Other Other
Priority:
P3 - Medium Severity: Critical
Target Milestone:
—
Assigned To:
Security Team bot
QA Contact:
Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
Show dependency tree / graph
Create test case
Clone This Bug
Reported:
2021-10-07 22:59 UTC by Jonathan Mercier
Modified:
2022-04-15 09:18 UTC (History)
CC List:
4 users (show)
See Also:
Found By:
—
Services Priority:
Business Priority:
Blocker:
—
Marketing QA Status:
—
IT Deployment:
—
Attachments
Add an attachment (proposed patch, testcase, etc.)
Note You need to log in before you can comment on or make changes to this bug.
Description Jonathan Mercier 2021-10-07 22:59:44 UTC
Hello, the Rancher team would like to request a CVE number for an embargoed CVE.
The URL and details of the CVE can be found here: https://github.com/rancherlabs/embargoed-security/issues/27
Comment 1 Johannes Segitz 2021-10-08 09:41:19 UTC
Please use CVE-2021-36778 for this
Comment 2 Gianluca Gabrielli 2022-04-15 08:27:31 UTC
public at https://github.com/rancher/rancher/security/advisories/GHSA-4fc7-hc63-7fjg
- Format For Printing
- XML
- Clone This Bug
- Top of page
First Last Prev Next This bug is not in your last search results.
Related news
### Impact This issue only happens when the user configures access credentials to a private repository in Rancher inside `Apps & Marketplace > Repositories`. It affects Rancher versions 2.5.0 up to and including 2.5.11 and from 2.6.0 up to and including 2.6.2. An insufficient check of the same-origin policy when downloading Helm charts from a configured private repository can lead to exposure of the repository credentials to a third-party provider. This exposure happens when the private repository: 1. Does an HTTP redirect to a third-party repository or external storage provider. 2. Downloads an icon resource for the chart hosted on a third-party provider. The address of the private repository is not leaked, only the credentials are leaked in the HTTP `Authorization` header in base64 format. With the patched versions, the default behavior now is to only send the private repository credentials when subdomain or domain hostname match when following the redirect or downloading externa...