{"id":"CVE-2021-36782","details":"A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.","aliases":["GHSA-g7j7-h4q8-8w2f"],"modified":"2026-03-13T21:59:27.361132Z","published":"2022-09-07T09:15:08.397Z","related":["GHSA-g7j7-h4q8-8w2f"],"references":[{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1193988"},{"type":"EVIDENCE","url":"https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rancher/rancher","events":[{"introduced":"65f3525cdc1167872af4140d45f3153698450c52"},{"fixed":"3f4e21bca44391b582601799de34075729c19783"},{"introduced":"df2432ad895c9d6be0e47e0d6d62a4c3dc8f08e5"},{"fixed":"e5c6f0f6a44dde287e9423acd99cf906fbda0aa2"}],"database_specific":{"versions":[{"introduced":"2.5.0"},{"fixed":"2.5.16"},{"introduced":"2.6.0"},{"fixed":"2.6.7"}]}}],"versions":["v2.5.0","v2.5.0-rc9","v2.5.1","v2.5.1-rc1","v2.5.10","v2.5.10-rc1","v2.5.10-rc2","v2.5.10-rc3","v2.5.10-rc4","v2.5.10-rc5","v2.5.10-rc6","v2.5.10-rc7","v2.5.12","v2.5.12-rc1","v2.5.12-rc2","v2.5.12-rc3","v2.5.12-rc4","v2.5.12-rc5","v2.5.12-rc6","v2.5.12-rc7","v2.5.12-rc8","v2.5.13","v2.5.13-rc1","v2.5.13-rc2","v2.5.13-rc3","v2.5.13-rc4","v2.5.14","v2.5.14-rc1","v2.5.14-rc2","v2.5.16-rc1","v2.5.16-rc2","v2.5.16-rc3","v2.5.2","v2.5.2-rc","v2.5.2-rc1","v2.5.2-rc10","v2.5.2-rc2","v2.5.2-rc3","v2.5.2-rc4","v2.5.2-rc5","v2.5.2-rc6","v2.5.2-rc7","v2.5.2-rc8","v2.5.2-rc9","v2.5.4","v2.5.4-rc1","v2.5.4-rc2","v2.5.4-rc3","v2.5.4-rc4","v2.5.4-rc5","v2.5.4-rc6","v2.5.4-rc7","v2.5.4-rc8","v2.5.4-rc9","v2.5.6","v2.5.6-rc1","v2.5.6-rc2","v2.5.6-rc3","v2.5.6-rc4","v2.5.6-rc5","v2.5.6-rc6","v2.5.6-rc7","v2.5.6-rc8","v2.5.6-rc9","v2.5.8","v2.5.8-rc10","v2.5.8-rc11","v2.5.8-rc12","v2.5.8-rc13","v2.5.8-rc14","v2.5.8-rc15","v2.5.8-rc16","v2.5.8-rc17","v2.5.8-rc18","v2.5.8-rc19","v2.5.8-rc2","v2.5.8-rc20","v2.5.8-rc21","v2.5.8-rc3","v2.5.8-rc4","v2.5.8-rc5","v2.5.8-rc6","v2.5.8-rc7","v2.5.8-rc8","v2.5.8-rc9","v2.6.0","v2.6.0-rc10","v2.6.1","v2.6.1-harvester1","v2.6.1-harvester2","v2.6.1-rc1","v2.6.1-rc10","v2.6.1-rc11","v2.6.1-rc12","v2.6.1-rc13","v2.6.1-rc2","v2.6.1-rc3","v2.6.1-rc4","v2.6.1-rc5","v2.6.1-rc6","v2.6.1-rc7","v2.6.1-rc8","v2.6.1-rc9","v2.6.3","v2.6.3-harvester1","v2.6.3-rc1","v2.6.3-rc10","v2.6.3-rc11","v2.6.3-rc2","v2.6.3-rc3","v2.6.3-rc4","v2.6.3-rc5","v2.6.3-rc6","v2.6.3-rc7","v2.6.3-rc8","v2.6.3-rc9","v2.6.4-alpha1","v2.6.4-alpha2","v2.6.4-alpha3","v2.6.4-rc1","v2.6.4-rc10","v2.6.4-rc11","v2.6.4-rc12","v2.6.4-rc13","v2.6.4-rc2","v2.6.4-rc3","v2.6.4-rc4","v2.6.4-rc5","v2.6.4-rc6","v2.6.4-rc8","v2.6.4-rc9","v2.6.5","v2.6.5-alpha1","v2.6.5-rc1","v2.6.5-rc10","v2.6.5-rc11","v2.6.5-rc12","v2.6.5-rc2","v2.6.5-rc3","v2.6.5-rc4","v2.6.5-rc5","v2.6.5-rc6","v2.6.5-rc8","v2.6.5-rc9","v2.6.6-rc1","v2.6.7-rc1","v2.6.7-rc2","v2.6.7-rc3","v2.6.7-rc4","v2.6.7-rc5","v2.6.7-rc6","v2.6.7-rc7","v2.6.7-rc8","v2.6.7-rc9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36782.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}