CVE-2017-7297

Published: Mar 29, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.

Affected (4)

Products: Suse: Rancher

Suse

1 product

Rancher

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Suse Rancher	From 1.2.0 to 1.2.4
Suse Rancher	From 1.3.0 to 1.3.5
Suse Rancher	From 1.4.0 to 1.4.3
Suse Rancher	From 1.5.0 to 1.5.3

References (4)

http://www.securityfocus.com/bid/97180

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/rancher/rancher/issues/8296

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/97180

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/rancher/rancher/issues/8296

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.