Vulnerability Database

308,926

Total vulnerabilities in the database

CVE-2017-7297

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.

Published: Mar 29, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-7297
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
suse / rancher	1.4.0	1.4.3
suse / rancher	1.5.0	1.5.3
suse / rancher	1.3.0	1.3.5
suse / rancher	1.2.0	1.2.4

http://www.securityfocus.com/bid/97180
https://github.com/rancher/rancher/issues/8296

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo