Warning: Critical Vulnerabilities In 2 SUSE Enterprise Container Management Platforms, Patch Immediately!

Published : 29/10/2024

Reference:
Advisory #2024-251

Version:
1.0

Affected software:
Rancher before 2.8.9 and 2.9.3
RKE2 before 1.27.15, 1.28.11, 1.29.6, 1.30.2, and 1.31.0

Type:
Unauthorized access to sensitive credentials and Privilege Escalation

CVE/CVSS:

  • CVE-2022-45157: CVSS 9.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L)
  • CVE-2023-32197: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Sources

SUSE on GitHub:

Risks

CVE-2022-45157 is a vulnerability in Rancher, which stores the credentials used to deploy clusters through vSphere’s cloud provider in an insecure way. The vulnerability only affects organisations that use vSphere to deploy their environments.

CVE-2023-32197 is a privilege escalation vulnerability in both Rancher and RKE2 that only affects deployments on Windows nodes.

These vulnerabilities have a high impact on confidentiality.

Description

CVE-2022-45157 can be abused due to the way Rancher stores the vSphere CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy a cluster. As a consequence, the vSphere CPI and CSI passwords are stored in plaintext inside Rancher.

The vulnerability has been patched in versions 2.8.9 and 2.9.3, but additional actions are required after updating the environment. A script needs to be run as described in the advisory.

It is also recommended to rotate vSphere’s credentials.

CVE-2023-32197 is a privilege escalation vulnerability affecting both Rancher and RKE2 on Windows nodes. The issue exists due to weak Access Control Lists (ACLs) that allow BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files.

Organisations using Windows as an underlying OS are encouraged to upgrade to Rancher 2.8.9/2.9.3 and RKE2 1.31.0/1.30.2/1.29.6/1.28.11/1.27.15.
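The following PowerShell script is an added example, not part of this advisory or of SUSE's own tooling. It audits a directory tree on a Windows node for access control entries that grant BUILTIN\Users or NT AUTHORITY\Authenticated Users read or write rights, which is the weak-ACL condition described above; the default paths are assumptions and should be pointed at the directories your RKE2 agent actually uses.

```powershell
# Added example (not from the advisory or from SUSE/Rancher): audit a directory tree on a
# Windows node for ACEs that give low-privileged groups read or write access to files,
# the condition described for CVE-2023-32197. Run in an elevated PowerShell session.
param(
    # Assumed locations; replace with the RKE2/Rancher agent directories on your nodes.
    [string[]]$Path = @('C:\var\lib\rancher', 'C:\etc\rancher'),
    [string]$Report = "$env:TEMP\rke2-acl-audit.csv"
)

# Principals named in the advisory as having too much access.
$weakPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

# Rights that let such a principal read, or modify/replace, a file.
$readMask  = [System.Security.AccessControl.FileSystemRights]::ReadData
$writeMask = [System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [System.Security.AccessControl.FileSystemRights]::AppendData -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership

$findings = foreach ($root in $Path) {
    if (-not (Test-Path -LiteralPath $root)) { Write-Warning "Skipping missing path $root"; continue }
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $item = $_
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }                       # skip entries we cannot read
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($weakPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            $rights   = $ace.FileSystemRights
            $canWrite = (($rights -band $writeMask) -ne 0)
            $canRead  = (($rights -band $readMask) -ne 0)
            if ($canWrite -or $canRead) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $rights.ToString()
                    Inherited = $ace.IsInherited           # inherited ACEs point at a parent to fix
                    Severity  = if ($canWrite) { 'write' } else { 'read' }
                }
            }
        }
    }
}

$findings | Sort-Object -Property Severity, Path | Export-Csv -NoTypeInformation -Path $Report
"{0} weak ACEs found; report written to {1}" -f @($findings).Count, $Report
```

A non-empty report on a node that has already been upgraded to a fixed RKE2 release indicates files that the upgrade did not re-permission and that should be reviewed by hand.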

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

For Rancher, additional actions are required after updating the environment. A script needs to be run as described in the advisory.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Security Online: