Engineers at Shock Media have discovered a major vulnerability in Rancher. Rancher is software used to manage Kubernetes clusters. Due to this flaw, a user with read-only rights can bypass security and gain admin or even root rights on hosts. The issue was reported immediately to Rancher, who conducted a prompt investigation and resolved the problem (CVE-2021-36782) in versions 2.6.7 and 2.5.16.
The Managed App platform by Shock Media
Since early last year, Shock Media has had its own Managed App platform. This container platform, based on Kubernetes, is designed to relieve developers of operational tasks and to make deploying and scaling applications simple. The experience our DevOps engineers have with setting up applications in a container landscape is highly valued by our customers, but our strong focus on security is also an important reason for developers to join our Managed App platform.
Privilege escalation vulnerability in Rancher
During a routine security review of Shock Media’s Managed App platform, Marco Stuurman, DevOps engineer at Shock Media, discovered a significant vulnerability in Rancher. Marco found that a regular read-only user within Rancher could read more information than should be possible. By extracting the right information and exploiting it in a specific way, the user can obtain elevated rights within the cluster and even perform so-called “privileged deployments.” Ultimately, it is possible through this vulnerability to gain administrator or even root rights on the hosts and access (information on) other Kubernetes clusters.
Reporting and handling by Rancher
After discovery, the vulnerability was validated by two other engineers. Once validated, it was reported to Rancher in a responsible and secure manner, using an encrypted report and a Proof-of-Concept. Rancher quickly confirmed the vulnerability and responded appropriately by launching an investigation. According to Rancher’s developers, the vulnerability is present in the supported versions 2.5.15 and 2.6.6. The vulnerability, which was assigned CVE number CVE-2021-36782, has a CVSS score of 9.9 and is therefore considered very critical. On 19-08-2022, Rancher released a patch (versions 2.6.7 and 2.5.16) that resolves the vulnerability. More information about the vulnerability and the patch can be found on Rancher’s GitHub page and will also be made available on the Rancher website.
Advice and solutions
Of course, we have also taken immediate measures ourselves to reduce the risk of this vulnerability being exploited on our Managed App platform, and we have applied the released patch. To fix the vulnerability, we advise other administrators to update Rancher to version 2.6.7 or 2.5.16 as soon as possible. In addition, it is best practice to restrict access to the Rancher management interface as much as possible and to make it accessible only to trusted administrators.
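A small triage helper for the upgrade advice above, added here as an example and not code from Shock Media or Rancher: it classifies a reported Rancher version against the fixed releases named in the advisory (2.5.16 and 2.6.7), treats pre-release builds of the fixed version as not yet fixed, and refuses to guess about branches the advisory does not mention. The assumptions are that the Rancher server’s `/rancherversion` endpoint returns JSON with a `"Version"` key, and the inventory of installs is constructed sample data.

```python
import json
import re
from typing import Dict, List, Optional, Tuple

# Fixed releases per Rancher branch, as stated in the advisory for CVE-2021-36782.
FIXED_VERSIONS = {(2, 5): (2, 5, 16), (2, 6): (2, 6, 7)}

# Accepts "v2.6.7", "2.5.16" or "v2.6.7-rc3" (optional "v", optional pre-release tag).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$")


def parse_version(text: str) -> Optional[Tuple[int, int, int, bool]]:
    """Parse a version string into (major, minor, patch, is_prerelease); None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return int(major), int(minor), int(patch), pre is not None


def assess(version_text: str) -> str:
    """Classify one Rancher version as 'patched', 'vulnerable' or 'unknown'."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"
    major, minor, patch, prerelease = parsed
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        # The advisory only names the 2.5 and 2.6 branches; do not guess about others.
        return "unknown"
    if (major, minor, patch) > fixed:
        return "patched"
    # A pre-release build of the fixed version (e.g. 2.6.7-rc3) is not the fixed release.
    if (major, minor, patch) == fixed and not prerelease:
        return "patched"
    return "vulnerable"


def assess_rancherversion_json(body: str) -> str:
    """Assess the JSON body of a Rancher /rancherversion response (assumed "Version" key)."""
    try:
        version = json.loads(body)["Version"]
    except (ValueError, KeyError, TypeError):
        return "unknown"
    return assess(str(version))


def needs_upgrade(inventory: Dict[str, str]) -> List[str]:
    """Names of Rancher installs whose version is not confirmed patched, sorted."""
    return sorted(name for name, ver in inventory.items() if assess(ver) != "patched")


# Constructed sample inventory (not real hosts): install name -> reported version.
SAMPLE_INVENTORY = {"rancher-prod": "v2.6.6", "rancher-staging": "v2.6.7",
                    "rancher-legacy": "2.5.15", "rancher-lab": "v2.6.7-rc3"}
```

Anything reported as "unknown" should be checked by hand against Rancher’s advisory rather than assumed safe.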
Want to know more about our Managed App platform?
Curious about the benefits and possibilities of joining our Managed App platform? Feel free to contact us for a no-obligation introduction!
