Rancher Security Advisory: Heads up on Rancher CVE-2018-20321 and CVE-2019-6287


January 22, 2019

This advisory was first communicated by email, on the date mentioned above, to all Rancher customers with a then-active support subscription.

Dear Rancher Customer,

We want to give you an advisory heads-up on two security vulnerabilities that we have discovered in Rancher 2.x, both of which result in privilege escalation. These vulnerabilities do not apply to Rancher 1.6.x or RancherOS products.

The vulnerabilities apply to versions 2.0.0 - 2.1.5 of Rancher:

  • CVE-2018-20321 was first discovered by two Rancher community users.
  • CVE-2019-6287 was discovered by the Rancher QA team.

For more details on the above, please visit KB articles CVE-2018-20321 and CVE-2019-6287 in the Rancher Support Portal (login required).  

We are currently working on fixes that will address these two vulnerabilities. We expect to make a Rancher release the week of January 28 that will address both of these items.

Stay tuned. We will update you with a follow-up communication closer to the release.

If you have any questions, simply submit a request via this portal referencing this article, and we will track and respond to your question as a Support Ticket.


Rancher Support Team
