{"id":"CVE-2021-36775","details":"a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.","aliases":["GHSA-28g7-896h-695v","GO-2024-2760"],"modified":"2026-04-10T04:35:39.171176Z","published":"2022-04-04T13:15:07.467Z","references":[{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1189120"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rancher/rancher","events":[{"introduced":"0"},{"fixed":"cd0f57ed70205390ffd713b5fa0086fd4699abff"},{"introduced":"65f3525cdc1167872af4140d45f3153698450c52"},{"fixed":"c5f7295f6f105b3b21daac066c3b05616b81ec68"},{"introduced":"df2432ad895c9d6be0e47e0d6d62a4c3dc8f08e5"},{"fixed":"3c1d5fac32482f00828bec2a4eda39a431a4dbe4"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.4.18"},{"introduced":"2.5.0"},{"fixed":"2.5.12"},{"introduced":"2.6.0"},{"fixed":"2.6.3"}]}}],"versions":["2.4.8-rc2","v2.0.0","v2.0.0-alpha11","v2.0.0-alpha12","v2.0.0-alpha14","v2.0.0-alpha17","v2.0.0-alpha18","v2.0.0-alpha19","v2.0.0-alpha20","v2.0.0-alpha21","v2.0.0-alpha22","v2.0.0-alpha23","v2.0.0-alpha24","v2.0.0-alpha25","v2.0.0-alpha26","v2.0.0-alpha27","v2.0.0-alpha28","v2.0.0-beta1","v2.0.0-beta2","v2.0.0-beta3","v2.0.0-beta3-rc1","v2.0.0-beta4","v2.0.0-beta4-rc1","v2.0.0-beta4-rc2","v2.0.0-beta4-rc3","v2.0.0-beta4-rc4","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.0.0-rc4","v2.0.0-rc5","v2.0.1","v2.0.1-rc1","v2.0.1-rc2","v2.0.1-rc3","v2.0.1-rc4","v2.0.1-rc5","v2.0.1-rc6","v2.0.2","v2.0.2-rc1","v2.0.3","v2.0.3-rc1","v2.0.3-rc2","v2.0.3-rc3","v2.0.3-rc4","v2.0.3-rc5","v2.0.4","v2.0.4-rc1","v2.0.5","v2.0.5-rc1","v2.0.5-rc2","v2.0.5-rc3","v2.0.5-rc4","v2.0.5-rc5","v2.0.5-rc6","v2.0.6","v2.0.6-rc1","v2.0.6-rc2","v2.0.7","v2.0.7-rc1","v2.0.7-rc2","v2.0.7-rc3","v2.0.7-rc4","v2.0.7-rc5","v2.0.7-rc6","v2.0.8-rc2","v2.1.0","v2.1.0-rc1","v2.1.0-rc10","v2.1.0-rc2","v2.1.0-rc3","v2.1.0-rc4","v2.1.0-rc5","v2.1.0-rc6","v2.1.0-rc7","v2.1.0-rc8","v2.1.0-rc9","v2.2.0","v2.2.0-rc1","v2.2.0-rc10","v2.2.0-rc11","v2.2.0-rc12","v2.2.0-rc13","v2.2.0-rc14","v2.2.0-rc15","v2.2.0-rc2","v2.2.0-rc3","v2.2.0-rc4","v2.2.0-rc5","v2.2.0-rc6","v2.2.0-rc7","v2.2.0-rc8","v2.2.0-rc9","v2.3.0-alpha4","v2.3.0-alpha5","v2.3.0-alpha6","v2.3.0-alpha7","v2.3.0-rc1","v2.3.0-rc10","v2.3.0-rc2","v2.3.0-rc3","v2.3.0-rc4","v2.3.0-rc5","v2.3.0-rc6","v2.3.0-rc7","v2.3.0-rc8","v2.3.0-rc9","v2.4.0","v2.4.0-alpha1","v2.4.0-rc1","v2.4.0-rc10","v2.4.0-rc11","v2.4.0-rc12","v2.4.0-rc13","v2.4.0-rc14","v2.4.0-rc15","v2.4.0-rc16","v2.4.0-rc17","v2.4.0-rc18","v2.4.0-rc2","v2.4.0-rc3","v2.4.0-rc4","v2.4.0-rc5","v2.4.0-rc6","v2.4.0-rc7","v2.4.0-rc8","v2.4.0-rc9","v2.4.1-rc1","v2.4.1-rc2","v2.4.10","v2.4.10-rc1","v2.4.11","v2.4.11-rc1","v2.4.11-rc2","v2.4.11-rc3","v2.4.11-rc4","v2.4.11-rc5","v2.4.11-rc6","v2.4.13","v2.4.13-rc1","v2.4.13-rc2","v2.4.13-rc3","v2.4.13-rc4","v2.4.13-rc5","v2.4.13-rc6","v2.4.14","v2.4.14-rc1","v2.4.14-rc2","v2.4.14-rc3","v2.4.14-rc4","v2.4.15","v2.4.16","v2.4.16-rc1","v2.4.16-rc2","v2.4.16-rc3","v2.4.16-rc4","v2.4.16-rc5","v2.4.16-rc6","v2.4.17","v2.4.17-rc1","v2.4.18-rc1","v2.4.18-rc2","v2.4.18-rc3","v2.4.2","v2.4.2-rc1","v2.4.2-rc2","v2.4.2-rc3","v2.4.3","v2.4.3-rc1","v2.4.3-rc2","v2.4.3-rc3","v2.4.3-rc4","v2.4.3-rc5","v2.4.3-rc6","v2.4.3-rc7","v2.4.4-rc1","v2.4.5","v2.4.5-rc1","v2.4.5-rc10","v2.4.5-rc2","v2.4.5-rc3","v2.4.5-rc4","v2.4.5-rc5","v2.4.5-rc6","v2.4.5-rc7","v2.4.5-rc8","v2.4.5-rc9","v2.4.6","v2.4.6-rc1","v2.4.6-rc10","v2.4.6-rc11","v2.4.6-rc12","v2.4.6-rc2","v2.4.6-rc3","v2.4.6-rc4","v2.4.6-rc5","v2.4.6-rc6","v2.4.6-rc7","v2.4.6-rc8","v2.4.6-rc9","v2.4.7","v2.4.7-rc1","v2.4.7-rc2","v2.4.7-rc3","v2.4.8","v2.4.8-rc1","v2.4.8-rc2","v2.4.8-rc3","v2.4.9","v2.4.9-rc1","v2.4.9-rc10","v2.4.9-rc11","v2.4.9-rc12","v2.4.9-rc2","v2.4.9-rc3","v2.4.9-rc4","v2.4.9-rc5","v2.4.9-rc6","v2.4.9-rc7","v2.4.9-rc8","v2.4.9-rc9","v2.5.0","v2.5.0-rc9","v2.5.1","v2.5.1-rc1","v2.5.10","v2.5.10-rc1","v2.5.10-rc2","v2.5.10-rc3","v2.5.10-rc4","v2.5.10-rc5","v2.5.10-rc6","v2.5.10-rc7","v2.5.12-rc1","v2.5.12-rc2","v2.5.12-rc3","v2.5.12-rc4","v2.5.12-rc5","v2.5.12-rc6","v2.5.12-rc7","v2.5.2","v2.5.2-rc","v2.5.2-rc1","v2.5.2-rc10","v2.5.2-rc2","v2.5.2-rc3","v2.5.2-rc4","v2.5.2-rc5","v2.5.2-rc6","v2.5.2-rc7","v2.5.2-rc8","v2.5.2-rc9","v2.5.4","v2.5.4-rc1","v2.5.4-rc2","v2.5.4-rc3","v2.5.4-rc4","v2.5.4-rc5","v2.5.4-rc6","v2.5.4-rc7","v2.5.4-rc8","v2.5.4-rc9","v2.5.6","v2.5.6-rc1","v2.5.6-rc2","v2.5.6-rc3","v2.5.6-rc4","v2.5.6-rc5","v2.5.6-rc6","v2.5.6-rc7","v2.5.6-rc8","v2.5.6-rc9","v2.5.8","v2.5.8-rc10","v2.5.8-rc11","v2.5.8-rc12","v2.5.8-rc13","v2.5.8-rc14","v2.5.8-rc15","v2.5.8-rc16","v2.5.8-rc17","v2.5.8-rc18","v2.5.8-rc19","v2.5.8-rc2","v2.5.8-rc20","v2.5.8-rc21","v2.5.8-rc3","v2.5.8-rc4","v2.5.8-rc5","v2.5.8-rc6","v2.5.8-rc7","v2.5.8-rc8","v2.5.8-rc9","v2.6.0","v2.6.0-rc10","v2.6.1","v2.6.1-harvester1","v2.6.1-harvester2","v2.6.1-rc1","v2.6.1-rc10","v2.6.1-rc11","v2.6.1-rc12","v2.6.1-rc13","v2.6.1-rc2","v2.6.1-rc3","v2.6.1-rc4","v2.6.1-rc5","v2.6.1-rc6","v2.6.1-rc7","v2.6.1-rc8","v2.6.1-rc9","v2.6.3-rc1","v2.6.3-rc10","v2.6.3-rc2","v2.6.3-rc3","v2.6.3-rc4","v2.6.3-rc5","v2.6.3-rc6","v2.6.3-rc7","v2.6.3-rc8","v2.6.3-rc9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36775.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}