{"id":"GO-2024-2930","summary":"RKE credentials are stored in the RKE1 Cluster state ConfigMap in github.com/rancher/rke","details":"When RKE provisions a cluster, it stores the cluster state in a configmap called \"full-cluster-state\" inside the \"kube-system\" namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include sensitive data.","aliases":["CVE-2023-32191","GHSA-6gr4-52w6-vmqx"],"modified":"2024-07-01T20:29:06.526667Z","published":"2024-07-01T19:59:12Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2024-2930"},"references":[{"type":"ADVISORY","url":"https://github.com/rancher/rke/security/advisories/GHSA-6gr4-52w6-vmqx"},{"type":"FIX","url":"https://github.com/rancher/rke/commit/cf49199481a1891909acb1384eed73a5c987d5bd"},{"type":"FIX","url":"https://github.com/rancher/rke/commit/f7485b8dce376db0fc15a7c3ceb3de7029c8d0cf"}],"affected":[{"package":{"name":"github.com/rancher/rke","ecosystem":"Go","purl":"pkg:golang/github.com/rancher/rke"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.4.18"},{"fixed":"1.4.19"},{"introduced":"1.5.9"},{"fixed":"1.5.10"}]}],"ecosystem_specific":{"imports":[{"symbols":["GetSecret","GetSecretsList","GetSystemSecret","UpdateSecret"],"path":"github.com/rancher/rke/k8s"},{"symbols":["Cluster.CheckClusterPorts","Cluster.CleanDeadLogs","Cluster.CleanupNodes","Cluster.ClusterRemove","Cluster.DeployControlPlane","Cluster.DeployRestoreCerts","Cluster.DeployStateFile","Cluster.DeployWorkerPlane","Cluster.DisableSecretsEncryption","Cluster.GetStateFileFromConfigMap","Cluster.PrePullK8sImages","Cluster.ReconcileDesiredStateEncryptionConfig","Cluster.RewriteSecrets","Cluster.RotateEncryptionKey","Cluster.RunSELinuxCheck","Cluster.SetUpHosts","Cluster.StoreAddonConfigMap","Cluster.SyncLabelsAndTaints","Cluster.TunnelHosts","Cluster.UpdateClusterCurrentState","Cluster.UpgradeControlPlane","Cluster.UpgradeWorkerPlane","ConfigureCluster","FullState.WriteStateFile","GetClusterCertsFromKubernetes","GetK8sVersion","GetStateFromKubernetes","ReadStateFile","RebuildKubeconfig","RebuildState","ReconcileCluster","ReconcileEncryptionProviderConfig","RestartClusterPods","SaveFullStateToKubernetes","buildFreshState"],"path":"github.com/rancher/rke/cluster"},{"symbols":["ClusterInit","ClusterRemove","ClusterUp","RestoreEtcdSnapshot","RestoreEtcdSnapshotFromCli","RetrieveClusterStateConfigMap","RotateEncryptionKey","SnapshotRemoveFromEtcdHosts","SnapshotSaveEtcdHosts","SnapshotSaveEtcdHostsFromCli","getStateFile","saveClusterState"],"path":"github.com/rancher/rke/cmd"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-2930.json"}}],"schema_version":"1.7.3"}