Affected by GO-2024-2535
and 14 other vulnerabilities
GO-2024-2535: Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher
GO-2024-2537: Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher
GO-2024-2760: Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in github.com/rancher/rancher
GO-2024-2761: Rancher Login Parameter Can Be Edited in github.com/rancher/rancher
GO-2024-2768: Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources in github.com/rancher/rancher
GO-2024-2771: Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher
GO-2024-2778: Rancher Privilege escalation vulnerability via malicious "Connection" header in github.com/rancher/rancher
GO-2024-2929: Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher
GO-2024-2931: Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher
GO-2024-2932: Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher
GO-2024-3161: Rancher agents can be hijacked by taking over the Rancher Server URL in github.com/rancher/rancher
GO-2024-3220: Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rancher
GO-2024-3221: Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher
GO-2024-3223: Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher
GO-2024-3280: Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher
type Controller struct {
// contains filtered or unexported fields
}
Controller is responsible for monitoring DNSRecord services
and populating the endpoint based on target service endpoints.
The controller DOES NOT monitor the changes to the target endpoints;
that would be handled in the by EndpointController
type EndpointController struct {
// contains filtered or unexported fields
}
EndpointController is responsible for monitoring endpoints
finding out if they are the part of DNSRecord service
and calling the update on the target service