x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-28g7-896h-695v #2760

GoVulnBot · 2024-04-24T22:01:26Z

In GitHub Security Advisory GHSA-28g7-896h-695v, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/rancher/rancher	2.6.3	>= 2.6.0, <= 2.6.2

Cross references:

Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-wm2r-rp98-8pmh #439 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-21951 #464 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-4fc7-hc63-7fjg #551 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-hx8w-ghh8-r4xf #605 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-jwvr-vv7p-gpwq, CVE-2021-36784 #610 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-9qq2-xhmc-h9qr #644 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36782 #973 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36783 #974 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-31247 #975 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-34p5-jp77-fcrc #1511 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-7m72-mh5r-6j3r #1513 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-8c69-r38j-rpfj #1514 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-c45c-39f6-6gw9 #1516 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-cq4p-vp5q-4522 #1517 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-g25r-gvq3-wrq7 #1518 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6m9f-pj6w-w87g #1736 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-43760 #1814 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22647 #1815 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22648 #1816 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-8vhc-hwhc-cpj4 #1825 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6m8r-jh89-rq7h #1905 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-w3x4-9854-95x8 #1973 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-gc62-j469-9gjm #1991 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-c85r-fwc7-45vc #2535 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-xfj7-qf8w-2gcr #2537 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher/server: GHSA-xhg2-rvm8-w2jh #755

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/rancher/rancher
      versions:
        - introduced: TODO (earliest fixed "2.6.3", vuln range ">= 2.6.0, <= 2.6.2")
      packages:
        - package: github.com/rancher/rancher
    - module: github.com/rancher/rancher
      versions:
        - introduced: TODO (earliest fixed "2.5.12", vuln range ">= 2.5.0, <= 2.5.11")
      packages:
        - package: github.com/rancher/rancher
    - module: github.com/rancher/rancher
      versions:
        - introduced: TODO (earliest fixed "2.4.18", vuln range "<= 2.4.17")
      packages:
        - package: github.com/rancher/rancher
summary: |-
    Rancher's Failure to delete orphaned role bindings does not revoke project level
    access from group based authentication in github.com/rancher/rancher
cves:
    - CVE-2021-36775
ghsas:
    - GHSA-28g7-896h-695v
references:
    - advisory: https://github.com/rancher/rancher/security/advisories/GHSA-28g7-896h-695v
    - web: https://nvd.nist.gov/vuln/detail/CVE-2021-36775
    - web: https://bugzilla.suse.com/show_bug.cgi?id=1189120
    - advisory: https://github.com/advisories/GHSA-28g7-896h-695v
source:
    id: GHSA-28g7-896h-695v

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-04-30T15:58:02Z

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

gopherbot · 2024-06-04T20:42:53Z

Change https://go.dev/cl/590278 mentions this issue: data/reports: add 48 unreviewed reports

tatianab assigned maceonthompson May 10, 2024

tatianab added the triaged label May 23, 2024

gopherbot closed this as completed in 8ed6db9 Jun 5, 2024

GoVulnBot mentioned this issue Sep 26, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-h4h5-9833-v2p4 #3161

Closed

GoVulnBot mentioned this issue Oct 15, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22644 #3201

Closed

This was referenced Oct 25, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-h99m-6755-rgwc #3221

Closed

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-xj7w-r753-vj8v #3223

Closed

GoVulnBot mentioned this issue Nov 21, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-9c5p-35gj-jqp4 #3280

Closed

GoVulnBot mentioned this issue Jan 14, 2025

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-2v2w-8v8c-wcm9 #3391

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-28g7-896h-695v #2760

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-28g7-896h-695v #2760

GoVulnBot commented Apr 24, 2024

gopherbot commented Apr 30, 2024

gopherbot commented Jun 4, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-28g7-896h-695v #2760

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-28g7-896h-695v #2760

Comments

GoVulnBot commented Apr 24, 2024

gopherbot commented Apr 30, 2024

gopherbot commented Jun 4, 2024