Update versioned docs
pdellamore committed Sep 26, 2024
1 parent 49bc002 commit c54dfad
Showing 3 changed files with 7 additions and 1 deletion.
Expand Up @@ -10,6 +10,7 @@ Rancher is committed to informing the community of security issues in our produc

| ID | Description | Date | Resolution |
|----|-------------|------|------------|
[CVE-2024-22030](https://github.com/rancher/rancher/security/advisories/GHSA-h4h5-9833-v2p4) | A high severity vulnerability was discovered in Rancher's agents that under very specific circumstances allows a malicious actor to take over existing Rancher nodes. The attacker needs to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain in order to exploit this vulnerability. The targeted domain is the one used as the Rancher URL (the `server-url` of the Rancher cluster). | 19 Sep 2024 | Rancher [v2.9.2](https://github.com/rancher/rancher/releases/tag/v2.9.2), [v2.8.8](https://github.com/rancher/rancher/releases/tag/v2.8.8) and [v2.7.15](https://github.com/rancher/rancher/releases/tag/v2.7.15) |

vale warnings (GitHub Actions / reviewdog) on line 13 of versioned_docs/version-2.7/reference-guides/rancher-security/security-advisories-and-cves.md: [common.Editorializing] Consider removing 'very' (column 172); [common.Wordiness] Consider using 'to' instead of 'in order to' (column 380); [common.Usage] Use 'to' instead of 'in order to' (column 380).

| [CVE-2024-22032](https://github.com/rancher/rancher/security/advisories/GHSA-q6c7-56cq-g2wm) | An issue was discovered in Rancher versions up to and including 2.7.13 and 2.8.4, where custom secrets encryption configurations are stored in plaintext under the clusters `AppliedSpec`. This also causes clusters to continuously reconcile, as the `AppliedSpec` would never match the desired cluster `Spec`. The stored information contains the encryption configuration for secrets within etcd, and could potentially expose sensitive data if the etcd database was exposed directly. | 17 Jun 2024 | Rancher [v2.8.5](https://github.com/rancher/rancher/releases/tag/v2.8.5) and [v2.7.14](https://github.com/rancher/rancher/releases/tag/v2.7.14) |
| [CVE-2023-32196](https://github.com/rancher/rancher/security/advisories/GHSA-64jq-m7rq-768h) | An issue was discovered in Rancher versions up to and including 2.7.13 and 2.8.4, where the webhook rule resolver ignores rules from a `ClusterRole` for an external `RoleTemplate` set with `.context=project` or `.context=""`. This allows a user to create an external `ClusterRole` with `.context=project` or `.context=""`, depending on the use of the new feature flag `external-rules` and backing `ClusterRole`. | 17 Jun 2024 | Rancher [v2.8.5](https://github.com/rancher/rancher/releases/tag/v2.8.5) and [v2.7.14](https://github.com/rancher/rancher/releases/tag/v2.7.14) |
| [CVE-2023-22650](https://github.com/rancher/rancher/security/advisories/GHSA-9ghh-mmcq-8phc) | An issue was discovered in Rancher versions up to and including 2.7.13 and 2.8.4, where Rancher did not have a user retention process for when external authentication providers are used, that could be configured to run periodically and disable and/or delete inactive users. The new user retention process added in Rancher v2.8.5 and Rancher v2.7.14 is disabled by default. If enabled, a user becomes subject to the retention process if they don't log in for a configurable period of time. It's possible to set overrides for user accounts that are primarily intended for programmatic access (e.g. CI, scripts, etc.) so that they don't become subject to the retention process for a longer period of time or at all. | 17 Jun 2024 | Rancher [v2.8.5](https://github.com/rancher/rancher/releases/tag/v2.8.5) and [v2.7.14](https://github.com/rancher/rancher/releases/tag/v2.7.14) |
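Review bot: the inserted CVE-2024-22030 row is missing the leading `|` that every other row in this table carries (compare `| [CVE-2024-22032](...)` directly below it), so it is inconsistent with the rest of the table and, depending on the markdown renderer, may not be parsed as a table row at all; prefix it with `| ` like its neighbours. While touching the line, the description reads more cleanly as "under specific circumstances" and "to exploit this vulnerability" rather than "under very specific circumstances" and "in order to exploit this vulnerability".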
Expand Up @@ -10,6 +10,7 @@ Rancher is committed to informing the community of security issues in our produc

| ID | Description | Date | Resolution |
|----|-------------|------|------------|
[CVE-2024-22030](https://github.com/rancher/rancher/security/advisories/GHSA-h4h5-9833-v2p4) | A high severity vulnerability was discovered in Rancher's agents that under very specific circumstances allows a malicious actor to take over existing Rancher nodes. The attacker needs to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain in order to exploit this vulnerability. The targeted domain is the one used as the Rancher URL (the `server-url` of the Rancher cluster). | 19 Sep 2024 | Rancher [v2.9.2](https://github.com/rancher/rancher/releases/tag/v2.9.2), [v2.8.8](https://github.com/rancher/rancher/releases/tag/v2.8.8) and [v2.7.15](https://github.com/rancher/rancher/releases/tag/v2.7.15) |

vale warnings (GitHub Actions / reviewdog) on line 13 of versioned_docs/version-2.8/reference-guides/rancher-security/security-advisories-and-cves.md: [common.Editorializing] Consider removing 'very' (column 172); [common.Usage] Use 'to' instead of 'in order to' (column 380); [common.Wordiness] Consider using 'to' instead of 'in order to' (column 380).

| [CVE-2024-22032](https://github.com/rancher/rancher/security/advisories/GHSA-q6c7-56cq-g2wm) | An issue was discovered in Rancher versions up to and including 2.7.13 and 2.8.4, where custom secrets encryption configurations are stored in plaintext under the clusters `AppliedSpec`. This also causes clusters to continuously reconcile, as the `AppliedSpec` would never match the desired cluster `Spec`. The stored information contains the encryption configuration for secrets within etcd, and could potentially expose sensitive data if the etcd database was exposed directly. | 17 Jun 2024 | Rancher [v2.8.5](https://github.com/rancher/rancher/releases/tag/v2.8.5) and [v2.7.14](https://github.com/rancher/rancher/releases/tag/v2.7.14) |
| [CVE-2023-32196](https://github.com/rancher/rancher/security/advisories/GHSA-64jq-m7rq-768h) | An issue was discovered in Rancher versions up to and including 2.7.13 and 2.8.4, where the webhook rule resolver ignores rules from a `ClusterRole` for an external `RoleTemplate` set with `.context=project` or `.context=""`. This allows a user to create an external `ClusterRole` with `.context=project` or `.context=""`, depending on the use of the new feature flag `external-rules` and backing `ClusterRole`. | 17 Jun 2024 | Rancher [v2.8.5](https://github.com/rancher/rancher/releases/tag/v2.8.5) and [v2.7.14](https://github.com/rancher/rancher/releases/tag/v2.7.14) |
| [CVE-2023-22650](https://github.com/rancher/rancher/security/advisories/GHSA-9ghh-mmcq-8phc) | An issue was discovered in Rancher versions up to and including 2.7.13 and 2.8.4, where Rancher did not have a user retention process for when external authentication providers are used, that could be configured to run periodically and disable and/or delete inactive users. The new user retention process added in Rancher v2.8.5 and Rancher v2.7.14 is disabled by default. If enabled, a user becomes subject to the retention process if they don't log in for a configurable period of time. It's possible to set overrides for user accounts that are primarily intended for programmatic access (e.g. CI, scripts, etc.) so that they don't become subject to the retention process for a longer period of time or at all. | 17 Jun 2024 | Rancher [v2.8.5](https://github.com/rancher/rancher/releases/tag/v2.8.5) and [v2.7.14](https://github.com/rancher/rancher/releases/tag/v2.7.14) |
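Review bot: this copy of the CVE-2024-22030 row has the same leading-pipe omission as the version-2.7 copy: it begins with `[CVE-2024-22030](...)` instead of `| [CVE-2024-22030](...)`, unlike every other row in the table. Since the row is pasted verbatim into each versioned copy of the advisories page, fix the pipe and the "very" / "in order to" wording in one place and re-copy so the three files stay identical rather than drifting apart.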
Expand Up @@ -10,7 +10,11 @@ Rancher is committed to informing the community of security issues in our produc

| ID | Description | Date | Resolution |
|----|-------------|------|------------|
| [CVE-2024-22030](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22030) | A vulnerability was discovered in Rancher's and Fleet's agents, currently deemed a medium to high severity CVE, that under very specific circumstances allows a malicious actor to take over existing Rancher nodes. The attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain in order to exploit this vulnerability. The targeted domain is the one used as the Rancher URL (the server-url of the Rancher cluster). At the moment there is no fix available and it affects all supported versions of Rancher. Customers and users are advised to follow the recommendations and best practices described in our [blog post](https://www.suse.com/c/rancher-security-update/). | 16 Feb 2024 | Pending |
[CVE-2024-22030](https://github.com/rancher/rancher/security/advisories/GHSA-h4h5-9833-v2p4) | A high severity vulnerability was discovered in Rancher's agents that under very specific circumstances allows a malicious actor to take over existing Rancher nodes. The attacker needs to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain in order to exploit this vulnerability. The targeted domain is the one used as the Rancher URL (the `server-url` of the Rancher cluster). | 19 Sep 2024 | Rancher [v2.9.2](https://github.com/rancher/rancher/releases/tag/v2.9.2), [v2.8.8](https://github.com/rancher/rancher/releases/tag/v2.8.8) and [v2.7.15](https://github.com/rancher/rancher/releases/tag/v2.7.15) |

vale warning (GitHub Actions / reviewdog) on line 13 of versioned_docs/version-2.9/reference-guides/rancher-security/security-advisories-and-cves.md: [common.Editorializing] Consider removing 'very' (column 172).

| [CVE-2024-22032](https://github.com/rancher/rancher/security/advisories/GHSA-q6c7-56cq-g2wm) | An issue was discovered in Rancher versions up to and including 2.7.13 and 2.8.4, where custom secrets encryption configurations are stored in plaintext under the clusters `AppliedSpec`. This also causes clusters to continuously reconcile, as the `AppliedSpec` would never match the desired cluster `Spec`. The stored information contains the encryption configuration for secrets within etcd, and could potentially expose sensitive data if the etcd database was exposed directly. | 17 Jun 2024 | Rancher [v2.8.5](https://github.com/rancher/rancher/releases/tag/v2.8.5) and [v2.7.14](https://github.com/rancher/rancher/releases/tag/v2.7.14) |
| [CVE-2023-32196](https://github.com/rancher/rancher/security/advisories/GHSA-64jq-m7rq-768h) | An issue was discovered in Rancher versions up to and including 2.7.13 and 2.8.4, where the webhook rule resolver ignores rules from a `ClusterRole` for an external `RoleTemplate` set with `.context=project` or `.context=""`. This allows a user to create an external `ClusterRole` with `.context=project` or `.context=""`, depending on the use of the new feature flag `external-rules` and backing `ClusterRole`. | 17 Jun 2024 | Rancher [v2.8.5](https://github.com/rancher/rancher/releases/tag/v2.8.5) and [v2.7.14](https://github.com/rancher/rancher/releases/tag/v2.7.14) |
| [CVE-2023-22650](https://github.com/rancher/rancher/security/advisories/GHSA-9ghh-mmcq-8phc) | An issue was discovered in Rancher versions up to and including 2.7.13 and 2.8.4, where Rancher did not have a user retention process for when external authentication providers are used, that could be configured to run periodically and disable and/or delete inactive users. The new user retention process added in Rancher v2.8.5 and Rancher v2.7.14 is disabled by default. If enabled, a user becomes subject to the retention process if they don't log in for a configurable period of time. It's possible to set overrides for user accounts that are primarily intended for programmatic access (e.g. CI, scripts, etc.) so that they don't become subject to the retention process for a longer period of time or at all. | 17 Jun 2024 | Rancher [v2.8.5](https://github.com/rancher/rancher/releases/tag/v2.8.5) and [v2.7.14](https://github.com/rancher/rancher/releases/tag/v2.7.14) |

vale failures (GitHub Actions / reviewdog) on line 16 of versioned_docs/version-2.9/reference-guides/rancher-security/security-advisories-and-cves.md: [common.Contractions] Use 'do not' instead of 'don't' (column 539); [common.Contractions] Use 'it is' instead of 'It's' (column 587); [common.Latin] Use 'for example' instead of 'e.g.' (column 689); [common.Contractions] Use 'do not' instead of 'don't' (column 726).

| [CVE-2023-32191](https://github.com/rancher/rke/security/advisories/GHSA-6gr4-52w6-vmqx) | An issue was discovered in Rancher versions up to and including 2.7.13 and 2.8.4, in which supported RKE versions store credentials inside a ConfigMap that can be accessible by non-administrative users in Rancher. This vulnerability only affects an RKE-provisioned cluster. | 17 Jun 2024 | Rancher [v2.8.5](https://github.com/rancher/rancher/releases/tag/v2.8.5) and [v2.7.14](https://github.com/rancher/rancher/releases/tag/v2.7.14) |
| [CVE-2023-32193](https://github.com/rancher/norman/security/advisories/GHSA-r8f4-hv23-6qp6) | An issue was discovered in Rancher versions up to and including 2.6.13, 2.7.9 and 2.8.1, where multiple Cross-Site Scripting (XSS) vulnerabilities can be exploited via the Rancher UI (Norman). | 8 Feb 2024 | Rancher [v2.8.2](https://github.com/rancher/rancher/releases/tag/v2.8.2), [v2.7.10](https://github.com/rancher/rancher/releases/tag/v2.7.10) and [v2.6.14](https://github.com/rancher/rancher/releases/tag/v2.6.14) |
| [CVE-2023-32192](https://github.com/rancher/apiserver/security/advisories/GHSA-833m-37f7-jq55) | An issue was discovered in Rancher versions up to and including 2.6.13, 2.7.9 and 2.8.1, where multiple Cross-Site Scripting (XSS) vulnerabilities can be exploited via the Rancher UI (Apiserver). | 8 Feb 2024 | Rancher [v2.8.2](https://github.com/rancher/rancher/releases/tag/v2.8.2), [v2.7.10](https://github.com/rancher/rancher/releases/tag/v2.7.10) and [v2.6.14](https://github.com/rancher/rancher/releases/tag/v2.6.14) |
| [CVE-2023-22649](https://github.com/rancher/rancher/security/advisories/GHSA-xfj7-qf8w-2gcr) | An issue was discovered in Rancher versions up to and including 2.6.13, 2.7.9 and 2.8.1, in which sensitive data may be leaked into Rancher's audit logs. | 8 Feb 2024 | Rancher [v2.8.2](https://github.com/rancher/rancher/releases/tag/v2.8.2), [v2.7.10](https://github.com/rancher/rancher/releases/tag/v2.7.10) and [v2.6.14](https://github.com/rancher/rancher/releases/tag/v2.6.14) |
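Review bot: replacing the 16 Feb 2024 "Pending" row for CVE-2024-22030 with the 19 Sep 2024 row silently drops two pieces of information the old entry carried: that Fleet's agent is affected alongside Rancher's, and the link to the blog post with recommendations and best practices for users who cannot upgrade immediately. If Fleet was patched in the same releases, or the interim recommendations still apply to clusters that stay on unpatched versions, keep a short pointer to both in the new description; otherwise the commit message should say why they were removed. The new row also lacks the leading `|` that the surrounding rows have, and the 2.7/2.8 copies of this same row share that defect.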

0 comments on commit c54dfad