{"id":"CVE-2018-20321","details":"An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.","aliases":["GHSA-9qq2-xhmc-h9qr","GO-2022-0644"],"modified":"2026-04-10T04:07:39.786853Z","published":"2019-04-10T14:29:00.267Z","references":[{"type":"ADVISORY","url":"https://forums.rancher.com/c/announcements"},{"type":"ADVISORY","url":"https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rancher/rancher","events":[{"introduced":"14c6b3e8f903814c1bb9364187fb8193e33e7a82"},{"last_affected":"27809385301fa082700a62ed819735f67e243852"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"last_affected":"2.1.5"}]}}],"versions":["v2.0.0","v2.0.0-rc5","v2.0.1","v2.0.1-rc1","v2.0.1-rc2","v2.0.1-rc3","v2.0.1-rc4","v2.0.1-rc5","v2.0.1-rc6","v2.0.2","v2.0.2-rc1","v2.0.3","v2.0.3-rc1","v2.0.3-rc2","v2.0.3-rc3","v2.0.3-rc4","v2.0.3-rc5","v2.0.4","v2.0.4-rc1","v2.0.5","v2.0.5-rc1","v2.0.5-rc2","v2.0.5-rc3","v2.0.5-rc4","v2.0.5-rc5","v2.0.5-rc6","v2.0.6","v2.0.6-rc1","v2.0.6-rc2","v2.0.7","v2.0.7-rc1","v2.0.7-rc2","v2.0.7-rc3","v2.0.7-rc4","v2.0.7-rc5","v2.0.7-rc6","v2.0.8-rc2","v2.1.0","v2.1.0-rc1","v2.1.0-rc10","v2.1.0-rc2","v2.1.0-rc3","v2.1.0-rc4","v2.1.0-rc5","v2.1.0-rc6","v2.1.0-rc7","v2.1.0-rc8","v2.1.0-rc9","v2.1.1","v2.1.1-rc1","v2.1.1-rc2","v2.1.1-rc3","v2.1.1-rc4","v2.1.1-rc5","v2.1.1-rc6","v2.1.1-rc7","v2.1.2","v2.1.2-rc1","v2.1.2-rc10","v2.1.2-rc11","v2.1.2-rc12","v2.1.2-rc13","v2.1.2-rc14","v2.1.2-rc15","v2.1.2-rc16","v2.1.2-rc17","v2.1.2-rc2","v2.1.2-rc3","v2.1.2-rc4","v2.1.2-rc5","v2.1.2-rc6","v2.1.2-rc7","v2.1.2-rc8","v2.1.2-rc9","v2.1.3","v2.1.3-rc1","v2.1.3-rc2","v2.1.3-rc3","v2.1.4","v2.1.4-rc1","v2.1.4-rc2","v2.1.5","v2.1.5-rc1","v2.1.5-rc2","v2.1.5-rc3","v2.1.5-rc4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20321.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}