GO-2024-2535: Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher
GO-2024-2537: Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher
GO-2024-2760: Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in github.com/rancher/rancher
GO-2024-2761: Rancher Login Parameter Can Be Edited in github.com/rancher/rancher
GO-2024-2768: Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources in github.com/rancher/rancher
GO-2024-2771: Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher
GO-2024-2778: Rancher Privilege escalation vulnerability via malicious "Connection" header in github.com/rancher/rancher
GO-2024-2784: Rancher Recreates Default User With Known Password Despite Deletion in github.com/rancher/rancher
GO-2024-2784: Rancher Recreates Default User With Known Password Despite Deletion in github.com/rancher/rancher
GO-2024-2929: Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher
GO-2024-2931: Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher
GO-2024-2932: Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher
Documentation
¶
View Source
const (
ForwardProto = "X-Forwarded-Proto"
APIAuth = "X-API-Auth-Header"
CattleAuth = "X-API-CattleAuth-Header"
SetCookie = "Set-Cookie"
Cookie = "Cookie"
APISetCookie = "X-Api-Set-Cookie-Header"
APICookie = "X-Api-Cookie-Header"
CSP = "Content-Security-Policy"
XContentType = "X-Content-Type-Options"
)
type Signer interface {
}
Source Files
¶
Click to show internal directories.
Click to hide internal directories.