{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"critical"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2021-36782","title":"Title"},{"category":"description","text":"A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2021-36782","url":"https://www.suse.com/security/cve/CVE-2021-36782"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1193988 for CVE-2021-36782","url":"https://bugzilla.suse.com/1193988"},{"category":"external","summary":"Advisory link for GHSA-8c69-r38j-rpfj","url":"https://github.com/rancher/rancher/security/advisories/GHSA-8c69-r38j-rpfj"},{"category":"external","summary":"Advisory link for GHSA-cq4p-vp5q-4522","url":"https://github.com/rancher/rancher/security/advisories/GHSA-cq4p-vp5q-4522"},{"category":"external","summary":"Advisory link for GHSA-g7j7-h4q8-8w2f","url":"https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f"},{"category":"external","summary":"Advisory link for TID000020910","url":"https://www.suse.com/support/kb/doc/?id=000020910"}],"title":"SUSE CVE CVE-2021-36782","tracking":{"current_release_date":"2025-02-17T05:17:27Z","generator":{"date":"2023-02-15T03:39:40Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2021-36782","initial_release_date":"2023-02-15T03:39:40Z","revision_history":[{"date":"2023-02-15T03:39:40Z","number":"2","summary":"Current version"},{"date":"2025-01-01T04:20:06Z","number":"3","summary":"Current version"},{"date":"2025-02-15T04:54:45Z","number":"4","summary":"Current version"},{"date":"2025-02-17T05:17:27Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}}}