{"id":"CVE-2021-36776","details":"A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10.","aliases":["GHSA-gvh9-xgrq-r8hw","GO-2024-2771"],"modified":"2026-04-12T00:40:00.797609Z","published":"2022-04-04T13:15:07.530Z","references":[{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1189413"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rancher/rancher","events":[{"introduced":"0"},{"fixed":"074997087ad65d6e0dd3551201e9929804e853c9"}],"database_specific":{"cpe":"cpe:2.3:a:rancher:rancher:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.5.10"}],"source":"CPE_FIELD"}}],"versions":["v2.0.0","v2.0.0-alpha11","v2.0.0-alpha12","v2.0.0-alpha14","v2.0.0-alpha17","v2.0.0-alpha18","v2.0.0-alpha19","v2.0.0-alpha20","v2.0.0-alpha21","v2.0.0-alpha22","v2.0.0-alpha23","v2.0.0-alpha24","v2.0.0-alpha25","v2.0.0-alpha26","v2.0.0-alpha27","v2.0.0-alpha28","v2.0.0-beta1","v2.0.0-beta2","v2.0.0-beta3","v2.0.0-beta3-rc1","v2.0.0-beta4","v2.0.0-beta4-rc1","v2.0.0-beta4-rc2","v2.0.0-beta4-rc3","v2.0.0-beta4-rc4","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.0.0-rc4","v2.0.0-rc5","v2.0.1","v2.0.1-rc1","v2.0.1-rc2","v2.0.1-rc3","v2.0.1-rc4","v2.0.1-rc5","v2.0.1-rc6","v2.0.2","v2.0.2-rc1","v2.0.3","v2.0.3-rc1","v2.0.3-rc2","v2.0.3-rc3","v2.0.3-rc4","v2.0.3-rc5","v2.0.4","v2.0.4-rc1","v2.0.5","v2.0.5-rc1","v2.0.5-rc2","v2.0.5-rc3","v2.0.5-rc4","v2.0.5-rc5","v2.0.5-rc6","v2.0.6","v2.0.6-rc1","v2.0.6-rc2","v2.0.7","v2.0.7-rc1","v2.0.7-rc2","v2.0.7-rc3","v2.0.7-rc4","v2.0.7-rc5","v2.0.7-rc6","v2.0.8-rc2","v2.1.0","v2.1.0-rc1","v2.1.0-rc10","v2.1.0-rc2","v2.1.0-rc3","v2.1.0-rc4","v2.1.0-rc5","v2.1.0-rc6","v2.1.0-rc7","v2.1.0-rc8","v2.1.0-rc9","v2.2.0","v2.2.0-rc1","v2.2.0-rc10","v2.2.0-rc11","v2.2.0-rc12","v2.2.0-rc13","v2.2.0-rc14","v2.2.0-rc15","v2.2.0-rc2","v2.2.0-rc3","v2.2.0-rc4","v2.2.0-rc5","v2.2.0-rc6","v2.2.0-rc7","v2.2.0-rc8","v2.2.0-rc9","v2.3.0-alpha4","v2.3.0-alpha5","v2.3.0-alpha6","v2.3.0-alpha7","v2.3.0-rc1","v2.3.0-rc10","v2.3.0-rc2","v2.3.0-rc3","v2.3.0-rc4","v2.3.0-rc5","v2.3.0-rc6","v2.3.0-rc7","v2.3.0-rc8","v2.3.0-rc9","v2.3.7-draft","v2.4.0-alpha1","v2.4.0-rc1","v2.4.0-rc10","v2.4.0-rc11","v2.4.0-rc2","v2.4.0-rc3","v2.4.0-rc4","v2.4.0-rc5","v2.4.0-rc6","v2.4.0-rc7","v2.4.0-rc8","v2.4.0-rc9","v2.5.0","v2.5.0-alpha1","v2.5.0-alpha2","v2.5.0-alpha3","v2.5.0-alpha4","v2.5.0-alpha5","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.5.0-rc4","v2.5.0-rc5","v2.5.0-rc6","v2.5.0-rc7","v2.5.0-rc8","v2.5.0-rc9","v2.5.1","v2.5.1-rc1","v2.5.10-rc1","v2.5.10-rc2","v2.5.10-rc3","v2.5.10-rc4","v2.5.10-rc5","v2.5.10-rc6","v2.5.2","v2.5.2-rc","v2.5.2-rc1","v2.5.2-rc10","v2.5.2-rc2","v2.5.2-rc3","v2.5.2-rc4","v2.5.2-rc5","v2.5.2-rc6","v2.5.2-rc7","v2.5.2-rc8","v2.5.2-rc9","v2.5.4","v2.5.4-rc1","v2.5.4-rc2","v2.5.4-rc3","v2.5.4-rc4","v2.5.4-rc5","v2.5.4-rc6","v2.5.4-rc7","v2.5.4-rc8","v2.5.4-rc9","v2.5.6","v2.5.6-rc1","v2.5.6-rc2","v2.5.6-rc3","v2.5.6-rc4","v2.5.6-rc5","v2.5.6-rc6","v2.5.6-rc7","v2.5.6-rc8","v2.5.6-rc9","v2.5.8","v2.5.8-rc10","v2.5.8-rc11","v2.5.8-rc12","v2.5.8-rc13","v2.5.8-rc14","v2.5.8-rc15","v2.5.8-rc16","v2.5.8-rc17","v2.5.8-rc18","v2.5.8-rc19","v2.5.8-rc2","v2.5.8-rc20","v2.5.8-rc21","v2.5.8-rc3","v2.5.8-rc4","v2.5.8-rc5","v2.5.8-rc6","v2.5.8-rc7","v2.5.8-rc8","v2.5.8-rc9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36776.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}