Affected by GO-2024-2535
and 14 other vulnerabilities
GO-2024-2535: Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher
GO-2024-2537: Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher
GO-2024-2760: Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in github.com/rancher/rancher
GO-2024-2761: Rancher Login Parameter Can Be Edited in github.com/rancher/rancher
GO-2024-2768: Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources in github.com/rancher/rancher
GO-2024-2771: Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher
GO-2024-2778: Rancher Privilege escalation vulnerability via malicious "Connection" header in github.com/rancher/rancher
GO-2024-2929: Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher
GO-2024-2931: Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher
GO-2024-2932: Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher
GO-2024-3161: Rancher agents can be hijacked by taking over the Rancher Server URL in github.com/rancher/rancher
GO-2024-3220: Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rancher
GO-2024-3221: Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher
GO-2024-3223: Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher
GO-2024-3280: Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher
type MetricsServiceController struct {
// contains filtered or unexported fields
}
The MetricsServiceController maintains the relation between workload, service monitor and service.
The service monitor will create services that point to workloads or pods with selector. The service monitor
owns those service and should delete with the object.