Search

Find a vulnerability

Search criteria

    71 vulnerabilities found for Rancher by SUSE

    CVE-2026-44937 (GCVE-0-2026-44937)

    Vulnerability from nvd – Published: 2026-07-06 09:52 – Updated: 2026-07-06 12:46
    VLAI
    Title
    SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components
    Summary
    Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side request forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.15.0 , < 0.15.2 (semver)
    Affected: 0.14.0 , < 0.14.6 (semver)
    Affected: 0.13.0 , < 0.13.11 (semver)
    Affected: 0.12.0 , < 0.12.15 (semver)
    Create a notification for this product.
    Date Public
    2026-05-28 09:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44937",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T12:46:52.400471Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T12:46:59.551Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Fleet",
              "product": "Rancher",
              "repo": "https://github.com/rancher/fleet/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.15.2",
                  "status": "affected",
                  "version": "0.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.14.6",
                  "status": "affected",
                  "version": "0.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.13.11",
                  "status": "affected",
                  "version": "0.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.12.15",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-05-28T09:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system."
                }
              ],
              "value": "Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side request forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T09:52:18.659Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/fleet/security/advisories/GHSA-jmf4-m7j9-g72r"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44937",
        "datePublished": "2026-07-06T09:52:18.659Z",
        "dateReserved": "2026-05-08T12:29:48.967Z",
        "dateUpdated": "2026-07-06T12:46:59.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44936 (GCVE-0-2026-44936)

    Vulnerability from nvd – Published: 2026-07-06 09:30 – Updated: 2026-07-06 12:47
    VLAI
    Title
    Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml
    Summary
    Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side request forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.15.0 , < 0.15.2 (semver)
    Affected: 0.14.0 , < 0.14.6 (semver)
    Affected: 0.13.0 , < 0.13.11 (semver)
    Affected: 0.12.0 , < 0.12.15 (semver)
    Create a notification for this product.
    Date Public
    2026-05-28 09:28
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44936",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T12:47:38.527371Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T12:47:45.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Fleet",
              "product": "Rancher",
              "repo": "https://github.com/rancher/fleet",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.15.2",
                  "status": "affected",
                  "version": "0.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.14.6",
                  "status": "affected",
                  "version": "0.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.13.11",
                  "status": "affected",
                  "version": "0.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.12.15",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-05-28T09:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing filtering when the \u003ccode\u003ehelmRepoURLRegex\u003c/code\u003e field isn\u0027t set on a \u003ccode\u003eGitRepo\u003c/code\u003e resource in SUSE Rancher Fleet\u0027s bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (\u003ccode\u003eBasicAuth\u003c/code\u003e) to any URL specified in the \u003ccode\u003ehelm.repo\u003c/code\u003e field of a \u003ccode\u003efleet.yaml\u003c/code\u003e file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials."
                }
              ],
              "value": "Missing filtering when the helmRepoURLRegex field isn\u0027t set on a GitRepo resource in SUSE Rancher Fleet\u0027s bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side request forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T09:30:20.688Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/advisories/GHSA-hx4v-cxpf-vh8m"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44936",
        "datePublished": "2026-07-06T09:30:20.688Z",
        "dateReserved": "2026-05-08T12:29:48.967Z",
        "dateUpdated": "2026-07-06T12:47:45.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44934 (GCVE-0-2026-44934)

    Vulnerability from nvd – Published: 2026-07-06 08:45 – Updated: 2026-07-06 18:53
    VLAI
    Title
    Exposed tokens in SUSE Rancher AI Agent logs
    Summary
    A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-215 - Insertion of sensitive information into debugging code
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 1.0.0 , < 1.0.2 (semver)
    Create a notification for this product.
    Date Public
    2026-05-28 08:53
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44934",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:53:12.072112Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T18:53:22.226Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Rancher AI Agent",
              "product": "Rancher",
              "repo": "https://github.com/rancher/rancher-ai-agent",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.0.2",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "loglevel set to DEBUG"
                }
              ],
              "value": "loglevel set to DEBUG"
            }
          ],
          "datePublic": "2026-05-28T08:53:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials."
                }
              ],
              "value": "A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-215",
                  "description": "CWE-215 Insertion of sensitive information into debugging code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T08:53:57.978Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/rancher-ai-agent/security/advisories/GHSA-5r2r-h824-fr5v"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Exposed tokens in SUSE Rancher AI Agent logs",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44934",
        "datePublished": "2026-07-06T08:45:26.864Z",
        "dateReserved": "2026-05-08T12:29:48.967Z",
        "dateUpdated": "2026-07-06T18:53:22.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44935 (GCVE-0-2026-44935)

    Vulnerability from nvd – Published: 2026-07-02 16:00 – Updated: 2026-07-03 03:56
    VLAI
    Title
    Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer
    Summary
    Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper validation of specified type of input
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.15.0 , < 0.15.2 (semver)
    Affected: 0.14.0 , < 0.14.6 (semver)
    Affected: 0.13.0 , < 0.13.11 (semver)
    Affected: 0.12.0 , < 0.12.15 (semver)
    Create a notification for this product.
    Date Public
    2026-05-28 15:26
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:56:15.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Fleett",
              "product": "Rancher",
              "repo": "https://github.com/rancher/fleet/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.15.2",
                  "status": "affected",
                  "version": "0.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.14.6",
                  "status": "affected",
                  "version": "0.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.13.11",
                  "status": "affected",
                  "version": "0.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.12.15",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-05-28T15:26:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cbr\u003eMissing validation of \"valuesFrom\" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.\u003c/div\u003e"
                }
              ],
              "value": "Missing validation of \"valuesFrom\" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287 Improper validation of specified type of input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T16:01:11.745Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/fleet/security/advisories/GHSA-xr65-5cpm-g36x"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44935",
        "datePublished": "2026-07-02T16:00:06.751Z",
        "dateReserved": "2026-05-08T12:29:48.967Z",
        "dateUpdated": "2026-07-03T03:56:15.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44948 (GCVE-0-2026-44948)

    Vulnerability from nvd – Published: 2026-06-30 15:12 – Updated: 2026-06-30 16:00
    VLAI
    Title
    Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler
    Summary
    A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative path traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.12.0 , < 0.12.16 (semver)
    Affected: 0.13.0 , < 0.13.12 (semver)
    Affected: 0.14.0 , < 0.14.7 (semver)
    Affected: 0.15.0 , < 0.15.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-29 15:08
    Credits
    Sergey Kanibor
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44948",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T15:59:49.142430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T16:00:33.240Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Fleet",
              "product": "Rancher",
              "repo": "https://github.com/rancher/fleet/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.12.16",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.13.12",
                  "status": "affected",
                  "version": "0.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.14.7",
                  "status": "affected",
                  "version": "0.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.15.3",
                  "status": "affected",
                  "version": "0.15.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sergey Kanibor"
            }
          ],
          "datePublic": "2026-06-29T15:08:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A path traversal vulnerability was found in Fleet\u0027s ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service."
                }
              ],
              "value": "A path traversal vulnerability was found in Fleet\u0027s ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative path traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T15:12:17.346Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/fleet/security/advisories/GHSA-c45g-6c2c-rj3p"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44948",
        "datePublished": "2026-06-30T15:12:17.346Z",
        "dateReserved": "2026-05-08T12:29:48.969Z",
        "dateUpdated": "2026-06-30T16:00:33.240Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44949 (GCVE-0-2026-44949)

    Vulnerability from nvd – Published: 2026-06-30 14:41 – Updated: 2026-06-30 15:10
    VLAI
    Title
    Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook
    Summary
    A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webhook service could submit a crafted admission payload and cause workspace-related Kubernetes objects to be created with attacker-chosen identity data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.7.0 , < 0.7.10 (semver)
    Affected: 0.8.0 , < 0.8.7 (semver)
    Affected: 0.9.0 , < 0.9.6 (semver)
    Affected: 0.10.0 , < 0.10.7 (semver)
    Create a notification for this product.
    Date Public
    2026-06-29 14:27
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44949",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T15:10:07.132296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T15:10:17.154Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Webhook",
              "product": "Rancher",
              "repo": "https://github.com/rancher/webhook/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.7.10",
                  "status": "affected",
                  "version": "0.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.8.7",
                  "status": "affected",
                  "version": "0.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.9.6",
                  "status": "affected",
                  "version": "0.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.10.7",
                  "status": "affected",
                  "version": "0.10.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-06-29T14:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Rancher FleetWorkspace admission path allowed side effects to occur in\n the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to\n the in-cluster \u003ccode\u003erancher-webhook\u003c/code\u003e service\n could submit a crafted admission payload and cause workspace-related \nKubernetes objects to be created with attacker-chosen identity data."
                }
              ],
              "value": "A Rancher FleetWorkspace admission path allowed side effects to occur in\n the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to\n the in-cluster rancher-webhook service\n could submit a crafted admission payload and cause workspace-related \nKubernetes objects to be created with attacker-chosen identity data."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing authentication for critical function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:41:34.007Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/webhook/security/advisories/GHSA-h83p-cq95-vph4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44949",
        "datePublished": "2026-06-30T14:41:34.007Z",
        "dateReserved": "2026-05-08T12:29:48.969Z",
        "dateUpdated": "2026-06-30T15:10:17.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44947 (GCVE-0-2026-44947)

    Vulnerability from nvd – Published: 2026-06-30 14:21 – Updated: 2026-06-30 15:03
    VLAI
    Title
    Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher
    Summary
    A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-281 - Improper preservation of permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 2.13.0 , < 2.13.7 (semver)
    Affected: 2.14.0 , < 2.14.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-29 14:20
    Credits
    Isaac David
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44947",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T15:03:37.236401Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T15:03:44.276Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Rancher",
              "product": "Rancher",
              "repo": "https://github.com/rancher/rancher/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.13.7",
                  "status": "affected",
                  "version": "2.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.14.3",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Isaac David"
            }
          ],
          "datePublic": "2026-06-29T14:20:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate."
                }
              ],
              "value": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-281",
                  "description": "CWE-281 Improper preservation of permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:21:01.291Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-c4rp-wgqc-mfhc"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44947",
        "datePublished": "2026-06-30T14:21:01.291Z",
        "dateReserved": "2026-05-08T12:29:48.969Z",
        "dateUpdated": "2026-06-30T15:03:44.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44946 (GCVE-0-2026-44946)

    Vulnerability from nvd – Published: 2026-06-30 12:14 – Updated: 2026-07-01 03:55
    VLAI
    Title
    SAML Authentication Replay in Rancher
    Summary
    A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication bypass by capture-replay
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 2.14.0 , < 2.14.3 (semver)
    Affected: 2.13.0 , < 2.13.7 (semver)
    Affected: 2.12.0 , < 2.12.11 (semver)
    Affected: 2.11.0 , < 2.11.15 (semver)
    Create a notification for this product.
    Date Public
    2026-06-29 12:07
    Credits
    Corban Villa corban.villa@berkeley.edu of a U.C. Berkeley security research project by: Austin Chu, Sohee Kim, and Corban Villa
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44946",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T03:55:46.881Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Rancher",
              "product": "Rancher",
              "repo": "https://github.com/rancher/rancher/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.14.3",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.13.7",
                  "status": "affected",
                  "version": "2.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.12.11",
                  "status": "affected",
                  "version": "2.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.11.15",
                  "status": "affected",
                  "version": "2.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Corban Villa corban.villa@berkeley.edu of a U.C. Berkeley security research project by: Austin Chu, Sohee Kim, and Corban Villa"
            }
          ],
          "datePublic": "2026-06-29T12:07:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A SAML authentication replay vulnerability in Rancher\u0027s Assertion\n Consumer Service (ACS) handler did not enforce \none-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,\u0026nbsp; \u0026nbsp;"
                }
              ],
              "value": "A SAML authentication replay vulnerability in Rancher\u0027s Assertion\n Consumer Service (ACS) handler did not enforce \none-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294 Authentication bypass by capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T12:14:54.269Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-c5jm-xcmq-9j95"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SAML Authentication Replay in Rancher",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44946",
        "datePublished": "2026-06-30T12:14:54.269Z",
        "dateReserved": "2026-05-08T12:29:48.969Z",
        "dateUpdated": "2026-07-01T03:55:46.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41053 (GCVE-0-2026-41053)

    Vulnerability from nvd – Published: 2026-06-30 11:38 – Updated: 2026-07-01 03:55
    VLAI
    Title
    Over-inclusive team membership expansion in GitHub App authentication provider for Rancher
    Summary
    Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-303 - Incorrect implementation of authentication algorithm
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 2.14.0 , < 2.14.2 (semver)
    Affected: 2.13.0 , < 2.13.6 (semver)
    Create a notification for this product.
    Date Public
    2026-05-28 11:31
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T03:55:47.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "github auth provider"
              ],
              "packageName": "Rancher",
              "product": "Rancher",
              "repo": "https://github.com/rancher/rancher/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.14.2",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.13.6",
                  "status": "affected",
                  "version": "2.13.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-05-28T11:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2."
                }
              ],
              "value": "Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-303",
                  "description": "CWE-303 Incorrect implementation of authentication algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T11:38:25.060Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-4j6x-2764-m8gh"
            }
          ],
          "source": {
            "defect": [
              "secsys_codex@163.com"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Over-inclusive team membership expansion in GitHub App authentication provider for Rancher",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41053",
        "datePublished": "2026-06-30T11:38:25.060Z",
        "dateReserved": "2026-04-16T13:37:50.680Z",
        "dateUpdated": "2026-07-01T03:55:47.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41052 (GCVE-0-2026-41052)

    Vulnerability from nvd – Published: 2026-06-29 15:41 – Updated: 2026-06-30 03:55
    VLAI
    Title
    Rancher Privilege Escalation from Project Owner to Host
    Summary
    Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication bypass by primary weakness
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 2.12.0 , < 2.12.10 (semver)
    Affected: 2.13.0 , < 2.13.6 (semver)
    Affected: 2.14.0 , < 2.14.2 (semver)
    Create a notification for this product.
    Date Public
    2026-05-28 11:14
    Credits
    Radtke Benedikt <Radtke@iabg.de> - github.com/Trolldemorted and Munier Marc <Munier@iabg.de> - github.com/mmunier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T03:55:34.599Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Rancher",
              "product": "Rancher",
              "repo": "https://github.com/rancher/rancher/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.12.10",
                  "status": "affected",
                  "version": "2.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.13.6",
                  "status": "affected",
                  "version": "2.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.14.2",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Radtke Benedikt \u003cRadtke@iabg.de\u003e - github.com/Trolldemorted and Munier Marc \u003cMunier@iabg.de\u003e - github.com/mmunier"
            }
          ],
          "datePublic": "2026-05-28T11:14:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper privilege handling could be used by users with\u0026nbsp;Project Owner role to escalate privileges, in Rancher versions\u0026nbsp;2.14 before 2.14.2,\u0026nbsp;2.13 before 2.13.6, and\u0026nbsp;2.12 before 2.12.10."
                }
              ],
              "value": "Improper privilege handling could be used by users with\u00a0Project Owner role to escalate privileges, in Rancher versions\u00a02.14 before 2.14.2,\u00a02.13 before 2.13.6, and\u00a02.12 before 2.12.10."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305 Authentication bypass by primary weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T15:41:56.394Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-vx8h-4prv-g744"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher Privilege Escalation from Project Owner to Host",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41052",
        "datePublished": "2026-06-29T15:41:56.394Z",
        "dateReserved": "2026-04-16T13:37:50.680Z",
        "dateUpdated": "2026-06-30T03:55:34.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44939 (GCVE-0-2026-44939)

    Vulnerability from nvd – Published: 2026-06-19 12:13 – Updated: 2026-06-24 03:56
    VLAI
    Title
    Command injection through unsanitized YAML parameter in Rancher
    Summary
    A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-95 - Improper neutralization of directives in dynamically evaluated code ('eval injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 2.14.0 , < 2.14.2 (semver)
    Affected: 2.13.0 , < 2.13.6 (semver)
    Affected: 2.12.0 , < 2.12.10 (semver)
    Affected: 2.11.0 , < 2.11.14 (semver)
    Affected: 2.10.0 , < 2.10.12 (semver)
    Create a notification for this product.
    Date Public
    2026-05-27 16:36
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:15.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Rancher",
              "product": "Rancher",
              "repo": "https://github.com/rancher/rancher/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.14.2",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.13.6",
                  "status": "affected",
                  "version": "2.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.12.10",
                  "status": "affected",
                  "version": "2.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.11.14",
                  "status": "affected",
                  "version": "2.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.10.12",
                  "status": "affected",
                  "version": "2.10.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-05-27T16:36:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint  \u003ccode\u003e/v3/import/{token}_{clusterId}.yaml\u003c/code\u003e through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers."
                }
              ],
              "value": "A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint  /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-95",
                  "description": "CWE-95 Improper neutralization of directives in dynamically evaluated code (\u0027eval injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T12:13:39.936Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-mhc6-2gfq-xx62"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection through unsanitized YAML parameter in Rancher",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44939",
        "datePublished": "2026-06-19T12:13:39.936Z",
        "dateReserved": "2026-05-08T12:29:48.967Z",
        "dateUpdated": "2026-06-24T03:56:15.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41050 (GCVE-0-2026-41050)

    Vulnerability from nvd – Published: 2026-05-13 08:04 – Updated: 2026-05-14 03:55
    VLAI
    Title
    Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
    Summary
    Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.15.0 , < 0.15.1 (semver)
    Affected: 0.14.0 , < 0.14.5 (semver)
    Affected: 0.13.0 , < 0.13.10 (semver)
    Affected: 0.12.0 , < 0.12.14 (semver)
    Affected: 0.11.0 , < 0.11.13 (semver)
    Create a notification for this product.
    Credits
    https://github.com/kodareef5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41050",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T03:55:58.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/fleet",
              "product": "Rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.15.1",
                  "status": "affected",
                  "version": "0.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.14.5",
                  "status": "affected",
                  "version": "0.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.13.10",
                  "status": "affected",
                  "version": "0.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.12.14",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.11.13",
                  "status": "affected",
                  "version": "0.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "https://github.com/kodareef5"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`."
                }
              ],
              "value": "Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:05:26.978Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41050"
            },
            {
              "url": "https://github.com/advisories/GHSA-765j-qfrp-hm3j"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41050",
        "datePublished": "2026-05-13T08:04:57.293Z",
        "dateReserved": "2026-04-16T13:37:50.679Z",
        "dateUpdated": "2026-05-14T03:55:58.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25705 (GCVE-0-2026-25705)

    Vulnerability from nvd – Published: 2026-05-13 08:00 – Updated: 2026-05-14 03:55
    VLAI
    Title
    Rancher Extensions have arbitrary file access via path traversal
    Summary
    A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code. * Write to /var/lib/rancher/ to tamper with cluster state. * If hostPath volumes are mounted, write to the host node filesystem. * Use this issue to chain with other attack vectors.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-35 - Path traversal: '.../...//'
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 2.14.0 , < 2.14.1 (semver)
    Affected: 2.13.0 , < 2.13.5 (semver)
    Affected: 2.12.0 , < 2.12.9 (semver)
    Affected: 2.10.11 , < 2.11.13 (semver)
    Create a notification for this product.
    Credits
    https://github.com/KoreaSecurity
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25705",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T03:55:59.252Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.14.1",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.13.5",
                  "status": "affected",
                  "version": "2.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.12.9",
                  "status": "affected",
                  "version": "2.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.11.13",
                  "status": "affected",
                  "version": "2.10.11",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "https://github.com/KoreaSecurity"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been identified in [Rancher\u0027s Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to:\u003cdiv\u003e\u003cul\u003e\u003cli\u003eOverwrite Rancher binaries or configuration to inject code.\u003c/li\u003e\n\u003cli\u003eWrite to \u003ccode\u003e/var/lib/rancher/\u003c/code\u003e to tamper with cluster state.\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003ehostPath\u003c/code\u003e volumes are mounted, write to the host node filesystem.\u003c/li\u003e\n\u003cli\u003eUse this issue to chain with other attack vectors.\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
                }
              ],
              "value": "A vulnerability has been identified in [Rancher\u0027s Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to:  *  Overwrite Rancher binaries or configuration to inject code.\n\n  *  Write to /var/lib/rancher/ to tamper with cluster state.\n\n  *  If hostPath volumes are mounted, write to the host node filesystem.\n\n  *  Use this issue to chain with other attack vectors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-35",
                  "description": "CWE-35 Path traversal: \u0027.../...//\u0027",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T08:01:27.283Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25705"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-5v3h-x4wf-5c35"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Rancher Extensions have arbitrary file access via path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-25705",
        "datePublished": "2026-05-13T08:00:46.097Z",
        "dateReserved": "2026-02-05T15:37:24.184Z",
        "dateUpdated": "2026-05-14T03:55:59.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62879 (GCVE-0-2025-62879)

    Vulnerability from nvd – Published: 2026-03-04 15:08 – Updated: 2026-03-04 16:11
    VLAI
    Title
    Rancher Backup Operator pod's logs leak S3 tokens
    Summary
    A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 9.0.0 , < 9.0.1 (semver)
    Affected: 8.0.0 , < 8.1.2 (semver)
    Affected: 7.0.0 , < 7.0.5 (semver)
    Affected: 6.0.0 , < 6.0.3 (semver)
    Create a notification for this product.
    Date Public
    2026-02-03 10:09
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T16:11:27.835968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T16:11:33.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/backup-restore-operator",
              "product": "Rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.1.2",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.0.3",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-03T10:09:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both \u003ccode\u003eaccessKey\u003c/code\u003e and \u003ccode\u003esecretKey\u003c/code\u003e) into the rancher-backup-operator pod\u0027s logs.\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod\u0027s logs."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-04T15:08:11.734Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62879"
            },
            {
              "url": "https://github.com/advisories/GHSA-wj3p-5h3x-c74q"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher Backup Operator pod\u0027s logs leak S3 tokens",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-62879",
        "datePublished": "2026-03-04T15:08:11.734Z",
        "dateReserved": "2025-10-24T10:34:22.765Z",
        "dateUpdated": "2026-03-04T16:11:33.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67601 (GCVE-0-2025-67601)

    Vulnerability from nvd – Published: 2026-02-25 10:36 – Updated: 2026-02-26 14:44
    VLAI
    Title
    Rancher CLI skips TLS verification on Rancher CLI login command
    Summary
    A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 0 , < 0.0.0-20260129092249-bb0625fd1896 (semver)
    Affected: 2.13.0 , < 2.13.2 (semver)
    Affected: 2.12.0 , < 2.12.6 (semver)
    Affected: 2.11.0 , < 2.11.10 (semver)
    Affected: 2.10.0 , < 2.10.11 (semver)
    Create a notification for this product.
    Date Public
    2026-02-01 16:58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-26T04:55:52.856025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:07.081Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.0.0-20260129092249-bb0625fd1896",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.13.2",
                  "status": "affected",
                  "version": "2.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.12.6",
                  "status": "affected",
                  "version": "2.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.11.10",
                  "status": "affected",
                  "version": "2.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.10.11",
                  "status": "affected",
                  "version": "2.10.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-01T16:58:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the \u003c/span\u003e\u003ccode\u003e-skip-verify\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;flag to the Rancher CLI login command without also passing the \u003c/span\u003e\u003ccode\u003e\u2013cacert\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;flag results in the CLI attempting to fetch CA certificates stored in Rancher\u2019s setting cacerts. \u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify\u00a0flag to the Rancher CLI login command without also passing the \u2013cacert\u00a0flag results in the CLI attempting to fetch CA certificates stored in Rancher\u2019s setting cacerts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T10:36:57.771Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67601"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher CLI skips TLS verification on Rancher CLI login command",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-67601",
        "datePublished": "2026-02-25T10:36:57.771Z",
        "dateReserved": "2025-12-09T14:05:21.453Z",
        "dateUpdated": "2026-02-26T14:44:07.081Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62878 (GCVE-0-2025-62878)

    Vulnerability from nvd – Published: 2026-02-25 10:49 – Updated: 2026-02-26 14:44
    VLAI
    Title
    Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
    Summary
    A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0 , < 0.0.34 (semver)
    Create a notification for this product.
    Date Public
    2026-02-04 19:17
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62878",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-26T04:55:51.167071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:06.924Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/local-path-provisioner",
              "product": "Rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.0.34",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-02-04T19:17:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A malicious user can manipulate the parameters.pathPattern\u0026nbsp;to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories."
                }
              ],
              "value": "A malicious user can manipulate the parameters.pathPattern\u00a0to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T10:50:22.691Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62878"
            },
            {
              "url": "https://github.com/advisories/GHSA-jr3w-9vfr-c746"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-62878",
        "datePublished": "2026-02-25T10:49:29.596Z",
        "dateReserved": "2025-10-24T10:34:22.765Z",
        "dateUpdated": "2026-02-26T14:44:06.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-58269 (GCVE-0-2024-58269)

    Vulnerability from nvd – Published: 2025-10-29 14:58 – Updated: 2025-10-29 15:10
    VLAI
    Title
    Rancher exposes sensitive information through audit logs
    Summary
    A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 0 , < 0.0.0-20251013203444-50dc516a19ea (semver)
    Create a notification for this product.
    Date Public
    2025-10-24 13:24
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58269",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T15:09:03.657329Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-29T15:10:05.138Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.0.0-20251013203444-50dc516a19ea",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-10-24T13:24:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been identified in Rancher Manager, where sensitive \ninformation, including secret data, cluster import URLs, and \nregistration tokens, is exposed to any entity with access to Rancher \naudit logs."
                }
              ],
              "value": "A vulnerability has been identified in Rancher Manager, where sensitive \ninformation, including secret data, cluster import URLs, and \nregistration tokens, is exposed to any entity with access to Rancher \naudit logs."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-29T14:58:06.640Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58269"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-mw39-9qc2-f7mg"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher exposes sensitive information through audit logs",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-58269",
        "datePublished": "2025-10-29T14:58:06.640Z",
        "dateReserved": "2025-10-08T13:43:38.712Z",
        "dateUpdated": "2025-10-29T15:10:05.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-32199 (GCVE-0-2023-32199)

    Vulnerability from nvd – Published: 2025-10-29 14:54 – Updated: 2025-10-29 15:26
    VLAI
    Title
    Rancher user retains access to clusters despite Global Role removal
    Summary
    A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-281 - Improper Preservation of Permissions
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 0 , < 0.0.0-20251014212116-7faa74a968c2 (semver)
    Create a notification for this product.
    Date Public
    2025-10-24 13:05
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32199",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T15:13:25.439463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-29T15:26:02.274Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.0.0-20251014212116-7faa74a968c2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-10-24T13:05:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been identified within Rancher \nManager, where after removing a custom GlobalRole that gives \nadministrative access or the corresponding binding, the user still \nretains access to clusters.\u0026nbsp;This only affects custom Global Roles that\u0026nbsp;have a \u003ccode\u003e*\u003c/code\u003e on \u003ccode\u003e*\u003c/code\u003e in \u003ccode\u003e*\u003c/code\u003e rule for resources or have a \u003ccode\u003e*\u003c/code\u003e on \u003ccode\u003e*\u003c/code\u003e rule for non-resource URLs\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been identified within Rancher \nManager, where after removing a custom GlobalRole that gives \nadministrative access or the corresponding binding, the user still \nretains access to clusters.\u00a0This only affects custom Global Roles that\u00a0have a * on * in * rule for resources or have a * on * rule for non-resource URLs"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-281",
                  "description": "CWE-281: Improper Preservation of Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-29T14:57:27.222Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32199"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-j4vr-pcmw-hx59"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher user retains access to clusters despite Global Role removal",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2023-32199",
        "datePublished": "2025-10-29T14:54:04.162Z",
        "dateReserved": "2023-05-04T08:30:59.323Z",
        "dateUpdated": "2025-10-29T15:26:02.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-58267 (GCVE-0-2024-58267)

    Vulnerability from nvd – Published: 2025-10-02 12:08 – Updated: 2026-02-26 17:48
    VLAI
    Title
    Rancher CLI SAML authentication is vulnerable to phishing attacks
    Summary
    A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 2.12.0 , < 2.12.2 (semver)
    Affected: 2.11.0 , < 2.11.6 (semver)
    Affected: 2.10.0 , < 2.10.10 (semver)
    Affected: 2.9.0 , < 2.9.12 (semver)
    Create a notification for this product.
    Date Public
    2025-09-26 11:02
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58267",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-03T03:55:36.714841Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:22.411Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "2.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.11.6",
                  "status": "affected",
                  "version": "2.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.10.10",
                  "status": "affected",
                  "version": "2.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.9.12",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-09-26T11:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI  tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher\u2019s authentication tokens."
                }
              ],
              "value": "A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI  tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher\u2019s authentication tokens."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-02T12:08:30.507Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58267"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-v3vj-5868-2ch2"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher CLI SAML authentication is vulnerable to phishing attacks",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-58267",
        "datePublished": "2025-10-02T12:08:30.507Z",
        "dateReserved": "2025-09-04T04:04:22.186Z",
        "dateUpdated": "2026-02-26T17:48:22.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-58260 (GCVE-0-2024-58260)

    Vulnerability from nvd – Published: 2025-10-02 12:09 – Updated: 2025-10-02 15:52
    VLAI
    Title
    Rancher update on users can deny the service to the admin
    Summary
    A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 2.12.0 , < 2.12.2 (semver)
    Affected: 2.11.0 , < 2.11.6 (semver)
    Affected: 2.10.0 , < 2.10.10 (semver)
    Affected: 2.9.0 , < 2.9.12 (semver)
    Create a notification for this product.
    Date Public
    2025-09-26 11:02
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-02T15:15:54.345379Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-02T15:52:35.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "2.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.11.6",
                  "status": "affected",
                  "version": "2.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.10.10",
                  "status": "affected",
                  "version": "2.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.9.12",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-09-26T11:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts."
                }
              ],
              "value": "A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-02T12:09:46.203Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58260"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-q82v-h4rq-5c86"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher update on users can deny the service to the admin",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-58260",
        "datePublished": "2025-10-02T12:09:46.203Z",
        "dateReserved": "2025-07-23T08:10:38.954Z",
        "dateUpdated": "2025-10-02T15:52:35.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-54468 (GCVE-0-2025-54468)

    Vulnerability from nvd – Published: 2025-10-02 10:00 – Updated: 2025-10-02 14:10
    VLAI
    Title
    Rancher sends sensitive information to external services through the `/meta/proxy` endpoint
    Summary
    A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 2.12.0 , < 2.12.2 (semver)
    Affected: 2.11.0 , < 2.11.6 (semver)
    Affected: 2.10.0 , < 2.10.10 (semver)
    Affected: 2.9.0 , < 2.9.12 (semver)
    Create a notification for this product.
    Date Public
    2025-09-26 11:02
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54468",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-02T14:10:09.289102Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-02T14:10:23.278Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "2.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.11.6",
                  "status": "affected",
                  "version": "2.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.10.10",
                  "status": "affected",
                  "version": "2.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.9.12",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-09-26T11:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses."
                }
              ],
              "value": "A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-02T10:00:18.538Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54468"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-mjcp-rj3c-36fr"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher sends sensitive information to external services through the `/meta/proxy` endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-54468",
        "datePublished": "2025-10-02T10:00:18.538Z",
        "dateReserved": "2025-07-23T08:11:16.425Z",
        "dateUpdated": "2025-10-02T14:10:23.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-58259 (GCVE-0-2024-58259)

    Vulnerability from nvd – Published: 2025-09-02 11:53 – Updated: 2025-09-02 13:28
    VLAI
    Title
    Rancher affected by unauthenticated Denial of Service
    Summary
    A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 2.12.0 , < 2.12.1 (semver)
    Affected: 2.11.0 , < 2.11.5 (semver)
    Affected: 2.10.0 , < 2.10.9 (semver)
    Affected: 2.9.0 , < 2.9.11 (semver)
    Affected: 0 , < 0.0.0-20250813072957-aee95d4e2a41 (semver)
    Create a notification for this product.
    Date Public
    2025-08-29 13:38
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58259",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T13:28:09.503702Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-02T13:28:15.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.12.1",
                  "status": "affected",
                  "version": "2.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.11.5",
                  "status": "affected",
                  "version": "2.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.10.9",
                  "status": "affected",
                  "version": "2.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.9.11",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.0.0-20250813072957-aee95d4e2a41",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-08-29T13:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been identified within Rancher Manager in which it \ndid not enforce request body size limits on certain public \n(unauthenticated) and authenticated API endpoints. This allows a \nmalicious user to exploit this by sending excessively large payloads, \nwhich are fully loaded into memory during processing, leading to\u0026nbsp;Denial of Service (DoS)."
                }
              ],
              "value": "A vulnerability has been identified within Rancher Manager in which it \ndid not enforce request body size limits on certain public \n(unauthenticated) and authenticated API endpoints. This allows a \nmalicious user to exploit this by sending excessively large payloads, \nwhich are fully loaded into memory during processing, leading to\u00a0Denial of Service (DoS)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-02T11:54:30.959Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58259"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-4h45-jpvh-6p5j"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher affected by unauthenticated Denial of Service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-58259",
        "datePublished": "2025-09-02T11:53:03.928Z",
        "dateReserved": "2025-07-23T08:10:38.954Z",
        "dateUpdated": "2025-09-02T13:28:15.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52284 (GCVE-0-2024-52284)

    Vulnerability from nvd – Published: 2025-09-02 11:49 – Updated: 2025-09-02 13:31
    VLAI
    Title
    Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
    Summary
    Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.13.0 , < 0.13.1-0.20250806151509-088bcbea7edb (semver)
    Affected: 0.12.0 , < 0.12.6 (semver)
    Affected: 0.11.0 , < 0.11.10 (semver)
    Create a notification for this product.
    Date Public
    2025-08-29 12:31
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52284",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T13:31:45.987374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-02T13:31:49.988Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/fleet",
              "product": "Rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.13.1-0.20250806151509-088bcbea7edb",
                  "status": "affected",
                  "version": "0.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.12.6",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.11.10",
                  "status": "affected",
                  "version": "0.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-08-29T12:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets."
                }
              ],
              "value": "Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312: Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-02T11:50:55.874Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52284"
            },
            {
              "url": "https://github.com/advisories/GHSA-6h9x-9j5v-7w9h"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher Fleet Helm Values are stored inside BundleDeployment in plain text",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-52284",
        "datePublished": "2025-09-02T11:49:49.379Z",
        "dateReserved": "2024-11-06T12:19:57.723Z",
        "dateUpdated": "2025-09-02T13:31:49.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52281 (GCVE-0-2024-52281)

    Vulnerability from nvd – Published: 2025-04-16 08:31 – Updated: 2026-02-26 18:28
    VLAI
    Title
    Stored Cross-site Scripting vulnerability in Rancher UI
    Summary
    A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects rancher: from 2.9.0 before 2.9.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;)
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 2.9.0 , < 2.9.4 (semver)
    Create a notification for this product.
    Date Public
    2025-01-14 21:03
    Credits
    This issue was identified and reported by Bhavin Makwana from Workday’s Cyber Defence Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T03:55:43.486506Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:14.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.9.4",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "This issue was identified and reported by Bhavin Makwana from Workday\u2019s Cyber Defence Team"
            }
          ],
          "datePublic": "2025-01-14T21:03:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field.\u003cbr\u003e\u003cp\u003eThis issue affects rancher: from 2.9.0 before 2.9.4.\u003c/p\u003e"
                }
              ],
              "value": "A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field.\nThis issue affects rancher: from 2.9.0 before 2.9.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0026#39;Cross-site Scripting\u0026#39;)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-16T08:31:11.378Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52281"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-2v2w-8v8c-wcm9"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-site Scripting vulnerability in Rancher UI",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-52281",
        "datePublished": "2025-04-16T08:31:11.378Z",
        "dateReserved": "2024-11-06T12:19:57.723Z",
        "dateUpdated": "2026-02-26T18:28:14.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-22036 (GCVE-0-2024-22036)

    Vulnerability from nvd – Published: 2025-04-16 08:37 – Updated: 2026-02-26 18:28
    VLAI
    Title
    Rancher Remote Code Execution via Cluster/Node Drivers
    Summary
    A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher container itself. For the test and development environments, based on a –privileged Docker container, it is possible to escape the Docker container and gain execution access on the host system. This issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 2.7.0 , < 2.7.16 (semver)
    Affected: 2.8.0 , < 2.8.9 (semver)
    Affected: 2.9.0 , < 2.9.3 (semver)
    Create a notification for this product.
    Date Public
    2024-10-25 17:37
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22036",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T03:55:41.999711Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:14.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.7.16",
                  "status": "affected",
                  "version": "2.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.8.9",
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.9.3",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-10-25T17:37:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eA vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the \u003ccode\u003echroot\u003c/code\u003e\n jail and gain root access to the Rancher container itself. In \nproduction environments, further privilege escalation is possible based \non living off the land within the Rancher container itself. For the test\n and development environments, based on a \u2013privileged Docker container, \nit is possible to escape the Docker container and gain execution access \non the host system.\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot\n jail and gain root access to the Rancher container itself. In \nproduction environments, further privilege escalation is possible based \non living off the land within the Rancher container itself. For the test\n and development environments, based on a \u2013privileged Docker container, \nit is possible to escape the Docker container and gain execution access \non the host system.\n\n\nThis issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-16T08:37:54.218Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22036"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-h99m-6755-rgwc"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher Remote Code Execution via Cluster/Node Drivers",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-22036",
        "datePublished": "2025-04-16T08:37:54.218Z",
        "dateReserved": "2024-01-04T12:38:34.025Z",
        "dateUpdated": "2026-02-26T18:28:14.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-32197 (GCVE-0-2023-32197)

    Vulnerability from nvd – Published: 2025-04-16 08:40 – Updated: 2026-02-26 18:28
    VLAI
    Title
    Rancher's External RoleTemplates can lead to privilege escalation
    Summary
    A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 2.7.0 , < 2.7.14 (semver)
    Affected: 2.8.0 , < 2.8.5 (semver)
    Create a notification for this product.
    Date Public
    2024-06-17 20:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32197",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T03:55:40.608505Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:14.100Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.7.14",
                  "status": "affected",
                  "version": "2.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.8.5",
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-06-17T20:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Improper Privilege Management vulnerability in SUSE rancher in \u003ccode\u003eRoleTemplate\u003c/code\u003eobjects when external=true is set can lead to privilege escalation in specific scenarios.\u003cp\u003eThis issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.\u003c/p\u003e"
                }
              ],
              "value": "A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-16T08:40:54.464Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32197"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-64jq-m7rq-768h"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher\u0027s External RoleTemplates can lead to privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2023-32197",
        "datePublished": "2025-04-16T08:40:54.464Z",
        "dateReserved": "2023-05-04T08:30:59.322Z",
        "dateUpdated": "2026-02-26T18:28:14.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-52280 (GCVE-0-2024-52280)

    Vulnerability from nvd – Published: 2025-04-11 11:12 – Updated: 2025-04-11 13:22
    VLAI
    Title
    Users can issue watch commands for arbitrary resources
    Summary
    A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 0 , < 2175e09 (git)
    Affected: 0 , < 6e30359 (git)
    Affected: 0 , < c744f0b (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52280",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-11T13:21:44.041023Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-11T13:22:07.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/steve",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2175e09",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                },
                {
                  "lessThan": "6e30359",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                },
                {
                  "lessThan": "c744f0b",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher  which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. \u003cbr\u003e\u003cp\u003eThis issue affects rancher: before 2175e09, before 6e30359, before c744f0b.\u003c/p\u003e"
                }
              ],
              "value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher  which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. \nThis issue affects rancher: before 2175e09, before 6e30359, before c744f0b."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-11T11:12:44.180Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52280"
            },
            {
              "url": "https://github.com/rancher/steve/security/advisories/GHSA-j5hq-5jcr-xwx7"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Users can issue watch commands for arbitrary resources",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-52280",
        "datePublished": "2025-04-11T11:12:44.180Z",
        "dateReserved": "2024-11-06T12:19:57.723Z",
        "dateUpdated": "2025-04-11T13:22:07.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23391 (GCVE-0-2025-23391)

    Vulnerability from nvd – Published: 2025-04-11 10:38 – Updated: 2026-02-26 18:28
    VLAI
    Title
    Rancher: Restricted Administrator can change Administrator's passwords
    Summary
    A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 2.8.0 , < 2.8.14 (semver)
    Affected: 2.9.0 , < 2.9.8 (semver)
    Affected: 2.10.0 , < 2.10.4 (semver)
    Create a notification for this product.
    Date Public
    2025-04-01 12:19
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23391",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-12T03:55:13.946865Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:27.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.8.14",
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.9.8",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.10.4",
                  "status": "affected",
                  "version": "2.10.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-04-01T12:19:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts.\u003cbr\u003e\u003cp\u003eThis issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4.\u003c/p\u003e"
                }
              ],
              "value": "A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts.\nThis issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266: Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-11T10:38:43.642Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23391"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-8p83-cpfg-fj3g"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher: Restricted Administrator can change Administrator\u0027s passwords",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-23391",
        "datePublished": "2025-04-11T10:38:43.642Z",
        "dateReserved": "2025-01-15T12:39:03.324Z",
        "dateUpdated": "2026-02-26T18:28:27.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23389 (GCVE-0-2025-23389)

    Vulnerability from nvd – Published: 2025-04-11 10:46 – Updated: 2026-02-26 18:28
    VLAI
    Title
    Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
    Summary
    A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 2.8.0 , < 2.8.13 (semver)
    Affected: 2.9.0 , < 2.9.7 (semver)
    Affected: 2.10.0 , < 2.10.3 (semver)
    Create a notification for this product.
    Date Public
    2025-02-27 17:27
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23389",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-12T03:55:12.022094Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:27.054Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.8.13",
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.9.7",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.10.3",
                  "status": "affected",
                  "version": "2.10.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-02-27T17:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login.\u003cbr\u003e\u003cp\u003eThis issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.\u003c/p\u003e"
                }
              ],
              "value": "A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login.\nThis issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-11T10:46:43.655Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23389"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-mq23-vvg7-xfm4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-23389",
        "datePublished": "2025-04-11T10:46:43.655Z",
        "dateReserved": "2025-01-15T12:39:03.324Z",
        "dateUpdated": "2026-02-26T18:28:27.054Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23388 (GCVE-0-2025-23388)

    Vulnerability from nvd – Published: 2025-04-11 10:48 – Updated: 2025-04-15 15:08
    VLAI
    Title
    Unauthenticated stack overflow in /v3-public/authproviders API
    Summary
    A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    SUSE rancher Affected: 2.8.0 , < 2.8.13 (semver)
    Affected: 2.9.0 , < 2.9.7 (semver)
    Affected: 2.10.0 , < 2.10.3 (semver)
    Create a notification for this product.
    Date Public
    2025-02-27 17:27
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-11T13:28:18.934297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T15:08:29.960Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/rancher",
              "product": "rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.8.13",
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.9.7",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.10.3",
                  "status": "affected",
                  "version": "2.10.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-02-27T17:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.\u003cp\u003eThis issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.\u003c/p\u003e"
                }
              ],
              "value": "A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-11T10:48:51.349Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23388"
            },
            {
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-xr9q-h9c7-xw8q"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated stack overflow in /v3-public/authproviders API",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-23388",
        "datePublished": "2025-04-11T10:48:51.349Z",
        "dateReserved": "2025-01-15T12:39:03.324Z",
        "dateUpdated": "2025-04-15T15:08:29.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }