CVE-2021-32001 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-32001 Interim 1 9 2025-02-17T00:38:06Z current 2021-07-20T00:42:28Z 2025-02-17T00:38:06Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-32001 K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without having to know the token value. This issue affects: SUSE Rancher K3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions; RKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://github.com/k3s-io/k3s/security/advisories/GHSA-cxm9-4m6p-24mc E-Mail link for GHSA-cxm9-4m6p-24mc https://github.com/rancher/rke2/security/advisories/GHSA-hvj9-vfxp-c3cf E-Mail link for GHSA-hvj9-vfxp-c3cf https://www.suse.com/support/security/rating/ SUSE Security Ratings K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without having to know the token value. This issue affects: SUSE Rancher K3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions; RKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions. CVE-2021-32001 important 4 AV:N/AC:L/Au:S/C:P/I:N/A:N 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H