Affected by GO-2023-1991
and 16 other vulnerabilities
GO-2023-1991: Rancher Privilege Escalation Vulnerability in github.com/rancher/rancher
GO-2024-2535: Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher
GO-2024-2537: Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher
GO-2024-2760: Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in github.com/rancher/rancher
GO-2024-2761: Rancher Login Parameter Can Be Edited in github.com/rancher/rancher
GO-2024-2762: Rancher code injection via fluentd config commands in github.com/rancher/rancher
GO-2024-2768: Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources in github.com/rancher/rancher
GO-2024-2771: Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher
GO-2024-2778: Rancher Privilege escalation vulnerability via malicious "Connection" header in github.com/rancher/rancher
GO-2024-2929: Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher
GO-2024-2931: Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher
GO-2024-2932: Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher
GO-2024-3161: Rancher agents can be hijacked by taking over the Rancher Server URL in github.com/rancher/rancher
GO-2024-3220: Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rancher
GO-2024-3221: Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher
GO-2024-3223: Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher
GO-2024-3280: Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher
type AccessToken struct {
ID string `json:"id"`
Name string `json:"name"`
Permissions []string `json:"permissions"`
User User `json:"user"`
Token string `json:"token"`
}
type Commit struct {
ID string `json:"id"`
DisplayID string `json:"displayId"`
Author User `json:"author"`
Committer User `json:"committer"`
Message string `json:"message"`
}
type Hook struct {
ID int `json:"id"`
Name string `json:"name"`
Events []string `json:"events"`
Configuration HookConfiguration `json:"configuration"`
URL string `json:"url"`
Active bool `json:"active"`
}
type Project struct {
Key string `json:"key"`
ID int `json:"id"`
Name string `json:"name"`
Public bool `json:"public"`
Type string `json:"type"`
Links Links `json:"links"`
}
type PullRequest struct {
ID int `json:"id"`
Version int `json:"version"`
Title string `json:"title"`
Description string `json:"description"`
State string `json:"state"`
Open bool `json:"open"`
Closed bool `json:"closed"`
FromRef Ref `json:"fromRef"`
ToRef Ref `json:"toRef"`
Locked bool `json:"locked"`
Author struct {
User User `json:"user"`
Role string `json:"role"`
Approved bool `json:"approved"`
Status string `json:"status"`
} `json:"author"`
Links Links `json:"links"`
}
type PullRequestEventPayload struct {
EventKey string `json:"eventKey"`
Date string `json:"date"`
Actor User `json:"actor"`
PullRequest PullRequest `json:"pullRequest"`
}
type PushEventPayload struct {
EventKey string `json:"eventKey"`
Date string `json:"date"`
Actor User `json:"actor"`
Repository Repository `json:"repository"`
Changes []Change `json:"changes"`
}
type User struct {
Name string `json:"name"`
EmailAddress string `json:"emailAddress"`
ID int `json:"id"`
DisplayName string `json:"displayName"`
Active bool `json:"active"`
Slug string `json:"slug"`
Type string `json:"type"`
Links Links `json:"links"`
}