| id: GO-2024-2764 |
| modules: |
| - module: github.com/rancher/rancher |
| versions: |
| - introduced: 2.0.0+incompatible |
| - fixed: 2.1.6+incompatible |
| vulnerable_at: 2.1.6-rc5+incompatible |
| summary: |- |
| Rancher Project Members Have Continued Access to Namespaces After Being Removed |
| From Them in github.com/rancher/rancher |
| cves: |
| - CVE-2019-6287 |
| ghsas: |
| - GHSA-6r7x-4q7g-h83j |
| references: |
| - advisory: https://github.com/advisories/GHSA-6r7x-4q7g-h83j |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-6287 |
| - report: https://github.com/rancher/rancher/issues/17244 |
| - report: https://github.com/rancher/rancher/issues/17724 |
| - web: https://forums.rancher.com/t/rancher-release-v2-1-6/13148 |
| - web: https://forums.rancher.com/t/rancher-security-announcement-cve-2018-20321-and-cve-2019-6287/13149 |
| - web: https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11 |
| source: |
| id: GHSA-6r7x-4q7g-h83j |
| created: 2024-06-04T15:28:51.235603-04:00 |
| review_status: UNREVIEWED |
