Search criteria
120 vulnerabilities found for rancher by suse
CVE-2026-41050 (GCVE-0-2026-41050)
Vulnerability from nvd – Published: 2026-05-13 08:04 – Updated: 2026-05-14 03:55
VLAI
Title
Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
Summary
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.
Severity
9.9 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T03:55:58.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/fleet",
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.15.1",
"status": "affected",
"version": "0.15.0",
"versionType": "semver"
},
{
"lessThan": "0.14.5",
"status": "affected",
"version": "0.14.0",
"versionType": "semver"
},
{
"lessThan": "0.13.10",
"status": "affected",
"version": "0.13.0",
"versionType": "semver"
},
{
"lessThan": "0.12.14",
"status": "affected",
"version": "0.12.0",
"versionType": "semver"
},
{
"lessThan": "0.11.13",
"status": "affected",
"version": "0.11.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "https://github.com/kodareef5"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`."
}
],
"value": "Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T08:05:26.978Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41050"
},
{
"url": "https://github.com/advisories/GHSA-765j-qfrp-hm3j"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-41050",
"datePublished": "2026-05-13T08:04:57.293Z",
"dateReserved": "2026-04-16T13:37:50.679Z",
"dateUpdated": "2026-05-14T03:55:58.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25705 (GCVE-0-2026-25705)
Vulnerability from nvd – Published: 2026-05-13 08:00 – Updated: 2026-05-14 03:55
VLAI
Title
Rancher Extensions have arbitrary file access via path traversal
Summary
A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code.
* Write to /var/lib/rancher/ to tamper with cluster state.
* If hostPath volumes are mounted, write to the host node filesystem.
* Use this issue to chain with other attack vectors.
Severity
8.4 (High)
CWE
- CWE-35 - Path traversal: '.../...//'
Assigner
References
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T03:55:59.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
},
{
"lessThan": "2.13.5",
"status": "affected",
"version": "2.13.0",
"versionType": "semver"
},
{
"lessThan": "2.12.9",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.13",
"status": "affected",
"version": "2.10.11",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "https://github.com/KoreaSecurity"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified in [Rancher\u0027s Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to:\u003cdiv\u003e\u003cul\u003e\u003cli\u003eOverwrite Rancher binaries or configuration to inject code.\u003c/li\u003e\n\u003cli\u003eWrite to \u003ccode\u003e/var/lib/rancher/\u003c/code\u003e to tamper with cluster state.\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003ehostPath\u003c/code\u003e volumes are mounted, write to the host node filesystem.\u003c/li\u003e\n\u003cli\u003eUse this issue to chain with other attack vectors.\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
}
],
"value": "A vulnerability has been identified in [Rancher\u0027s Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code.\n\n * Write to /var/lib/rancher/ to tamper with cluster state.\n\n * If hostPath volumes are mounted, write to the host node filesystem.\n\n * Use this issue to chain with other attack vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T08:01:27.283Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25705"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-5v3h-x4wf-5c35"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rancher Extensions have arbitrary file access via path traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-25705",
"datePublished": "2026-05-13T08:00:46.097Z",
"dateReserved": "2026-02-05T15:37:24.184Z",
"dateUpdated": "2026-05-14T03:55:59.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62879 (GCVE-0-2025-62879)
Vulnerability from nvd – Published: 2026-03-04 15:08 – Updated: 2026-03-04 16:11
VLAI
Title
Rancher Backup Operator pod's logs leak S3 tokens
Summary
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.
Severity
6.8 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Date Public
2026-02-03 10:09
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T16:11:27.835968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:11:33.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/backup-restore-operator",
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "9.0.1",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThan": "8.1.2",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThan": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThan": "6.0.3",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-02-03T10:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both \u003ccode\u003eaccessKey\u003c/code\u003e and \u003ccode\u003esecretKey\u003c/code\u003e) into the rancher-backup-operator pod\u0027s logs.\u003cbr\u003e"
}
],
"value": "A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod\u0027s logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:08:11.734Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62879"
},
{
"url": "https://github.com/advisories/GHSA-wj3p-5h3x-c74q"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher Backup Operator pod\u0027s logs leak S3 tokens",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-62879",
"datePublished": "2026-03-04T15:08:11.734Z",
"dateReserved": "2025-10-24T10:34:22.765Z",
"dateUpdated": "2026-03-04T16:11:33.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67601 (GCVE-0-2025-67601)
Vulnerability from nvd – Published: 2026-02-25 10:36 – Updated: 2026-02-26 14:44
VLAI
Title
Rancher CLI skips TLS verification on Rancher CLI login command
Summary
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.
Severity
8.3 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
Date Public
2026-02-01 16:58
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:55:52.856025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:07.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.0.0-20260129092249-bb0625fd1896",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.13.2",
"status": "affected",
"version": "2.13.0",
"versionType": "semver"
},
{
"lessThan": "2.12.6",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.10",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "2.10.11",
"status": "affected",
"version": "2.10.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-02-01T16:58:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the \u003c/span\u003e\u003ccode\u003e-skip-verify\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;flag to the Rancher CLI login command without also passing the \u003c/span\u003e\u003ccode\u003e\u2013cacert\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;flag results in the CLI attempting to fetch CA certificates stored in Rancher\u2019s setting cacerts. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify\u00a0flag to the Rancher CLI login command without also passing the \u2013cacert\u00a0flag results in the CLI attempting to fetch CA certificates stored in Rancher\u2019s setting cacerts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T10:36:57.771Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67601"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher CLI skips TLS verification on Rancher CLI login command",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-67601",
"datePublished": "2026-02-25T10:36:57.771Z",
"dateReserved": "2025-12-09T14:05:21.453Z",
"dateUpdated": "2026-02-26T14:44:07.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62878 (GCVE-0-2025-62878)
Vulnerability from nvd – Published: 2026-02-25 10:49 – Updated: 2026-02-26 14:44
VLAI
Title
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
Summary
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.
Severity
9.9 (Critical)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Date Public
2026-02-04 19:17
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:55:51.167071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:06.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/local-path-provisioner",
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.0.34",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-02-04T19:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious user can manipulate the parameters.pathPattern\u0026nbsp;to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories."
}
],
"value": "A malicious user can manipulate the parameters.pathPattern\u00a0to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T10:50:22.691Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62878"
},
{
"url": "https://github.com/advisories/GHSA-jr3w-9vfr-c746"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-62878",
"datePublished": "2026-02-25T10:49:29.596Z",
"dateReserved": "2025-10-24T10:34:22.765Z",
"dateUpdated": "2026-02-26T14:44:06.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58269 (GCVE-0-2024-58269)
Vulnerability from nvd – Published: 2025-10-29 14:58 – Updated: 2025-10-29 15:10
VLAI
Title
Rancher exposes sensitive information through audit logs
Summary
A vulnerability has been identified in Rancher Manager, where sensitive
information, including secret data, cluster import URLs, and
registration tokens, is exposed to any entity with access to Rancher
audit logs.
Severity
4.3 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Date Public
2025-10-24 13:24
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58269",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T15:09:03.657329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T15:10:05.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.0.0-20251013203444-50dc516a19ea",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-24T13:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified in Rancher Manager, where sensitive \ninformation, including secret data, cluster import URLs, and \nregistration tokens, is exposed to any entity with access to Rancher \naudit logs."
}
],
"value": "A vulnerability has been identified in Rancher Manager, where sensitive \ninformation, including secret data, cluster import URLs, and \nregistration tokens, is exposed to any entity with access to Rancher \naudit logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T14:58:06.640Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58269"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-mw39-9qc2-f7mg"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher exposes sensitive information through audit logs",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-58269",
"datePublished": "2025-10-29T14:58:06.640Z",
"dateReserved": "2025-10-08T13:43:38.712Z",
"dateUpdated": "2025-10-29T15:10:05.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-32199 (GCVE-0-2023-32199)
Vulnerability from nvd – Published: 2025-10-29 14:54 – Updated: 2025-10-29 15:26
VLAI
Title
Rancher user retains access to clusters despite Global Role removal
Summary
A vulnerability has been identified within Rancher
Manager, where after removing a custom GlobalRole that gives
administrative access or the corresponding binding, the user still
retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs
Severity
4.3 (Medium)
CWE
- CWE-281 - Improper Preservation of Permissions
Assigner
References
Impacted products
Date Public
2025-10-24 13:05
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T15:13:25.439463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T15:26:02.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.0.0-20251014212116-7faa74a968c2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-24T13:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been identified within Rancher \nManager, where after removing a custom GlobalRole that gives \nadministrative access or the corresponding binding, the user still \nretains access to clusters.\u0026nbsp;This only affects custom Global Roles that\u0026nbsp;have a \u003ccode\u003e*\u003c/code\u003e on \u003ccode\u003e*\u003c/code\u003e in \u003ccode\u003e*\u003c/code\u003e rule for resources or have a \u003ccode\u003e*\u003c/code\u003e on \u003ccode\u003e*\u003c/code\u003e rule for non-resource URLs\u003c/p\u003e"
}
],
"value": "A vulnerability has been identified within Rancher \nManager, where after removing a custom GlobalRole that gives \nadministrative access or the corresponding binding, the user still \nretains access to clusters.\u00a0This only affects custom Global Roles that\u00a0have a * on * in * rule for resources or have a * on * rule for non-resource URLs"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281: Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T14:57:27.222Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32199"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-j4vr-pcmw-hx59"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher user retains access to clusters despite Global Role removal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2023-32199",
"datePublished": "2025-10-29T14:54:04.162Z",
"dateReserved": "2023-05-04T08:30:59.323Z",
"dateUpdated": "2025-10-29T15:26:02.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58267 (GCVE-0-2024-58267)
Vulnerability from nvd – Published: 2025-10-02 12:08 – Updated: 2026-02-26 17:48
VLAI
Title
Rancher CLI SAML authentication is vulnerable to phishing attacks
Summary
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.
Severity
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
Impacted products
Date Public
2025-09-26 11:02
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T03:55:36.714841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:22.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.12.2",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.6",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "2.10.10",
"status": "affected",
"version": "2.10.0",
"versionType": "semver"
},
{
"lessThan": "2.9.12",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-09-26T11:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher\u2019s authentication tokens."
}
],
"value": "A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher\u2019s authentication tokens."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T12:08:30.507Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58267"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-v3vj-5868-2ch2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher CLI SAML authentication is vulnerable to phishing attacks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-58267",
"datePublished": "2025-10-02T12:08:30.507Z",
"dateReserved": "2025-09-04T04:04:22.186Z",
"dateUpdated": "2026-02-26T17:48:22.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58260 (GCVE-0-2024-58260)
Vulnerability from nvd – Published: 2025-10-02 12:09 – Updated: 2025-10-02 15:52
VLAI
Title
Rancher update on users can deny the service to the admin
Summary
A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.
Severity
7.6 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Date Public
2025-09-26 11:02
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T15:15:54.345379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T15:52:35.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.12.2",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.6",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "2.10.10",
"status": "affected",
"version": "2.10.0",
"versionType": "semver"
},
{
"lessThan": "2.9.12",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-09-26T11:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts."
}
],
"value": "A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T12:09:46.203Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58260"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-q82v-h4rq-5c86"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher update on users can deny the service to the admin",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-58260",
"datePublished": "2025-10-02T12:09:46.203Z",
"dateReserved": "2025-07-23T08:10:38.954Z",
"dateUpdated": "2025-10-02T15:52:35.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54468 (GCVE-0-2025-54468)
Vulnerability from nvd – Published: 2025-10-02 10:00 – Updated: 2025-10-02 14:10
VLAI
Title
Rancher sends sensitive information to external services through the `/meta/proxy` endpoint
Summary
A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses.
Severity
4.7 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
Date Public
2025-09-26 11:02
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T14:10:09.289102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T14:10:23.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.12.2",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.6",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "2.10.10",
"status": "affected",
"version": "2.10.0",
"versionType": "semver"
},
{
"lessThan": "2.9.12",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-09-26T11:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses."
}
],
"value": "A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T10:00:18.538Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54468"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-mjcp-rj3c-36fr"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher sends sensitive information to external services through the `/meta/proxy` endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-54468",
"datePublished": "2025-10-02T10:00:18.538Z",
"dateReserved": "2025-07-23T08:11:16.425Z",
"dateUpdated": "2025-10-02T14:10:23.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58259 (GCVE-0-2024-58259)
Vulnerability from nvd – Published: 2025-09-02 11:53 – Updated: 2025-09-02 13:28
VLAI
Title
Rancher affected by unauthenticated Denial of Service
Summary
A vulnerability has been identified within Rancher Manager in which it
did not enforce request body size limits on certain public
(unauthenticated) and authenticated API endpoints. This allows a
malicious user to exploit this by sending excessively large payloads,
which are fully loaded into memory during processing, leading to Denial of Service (DoS).
Severity
8.2 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
Date Public
2025-08-29 13:38
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T13:28:09.503702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T13:28:15.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.12.1",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.5",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "2.10.9",
"status": "affected",
"version": "2.10.0",
"versionType": "semver"
},
{
"lessThan": "2.9.11",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
},
{
"lessThan": "0.0.0-20250813072957-aee95d4e2a41",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-08-29T13:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified within Rancher Manager in which it \ndid not enforce request body size limits on certain public \n(unauthenticated) and authenticated API endpoints. This allows a \nmalicious user to exploit this by sending excessively large payloads, \nwhich are fully loaded into memory during processing, leading to\u0026nbsp;Denial of Service (DoS)."
}
],
"value": "A vulnerability has been identified within Rancher Manager in which it \ndid not enforce request body size limits on certain public \n(unauthenticated) and authenticated API endpoints. This allows a \nmalicious user to exploit this by sending excessively large payloads, \nwhich are fully loaded into memory during processing, leading to\u00a0Denial of Service (DoS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T11:54:30.959Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58259"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-4h45-jpvh-6p5j"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher affected by unauthenticated Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-58259",
"datePublished": "2025-09-02T11:53:03.928Z",
"dateReserved": "2025-07-23T08:10:38.954Z",
"dateUpdated": "2025-09-02T13:28:15.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52284 (GCVE-0-2024-52284)
Vulnerability from nvd – Published: 2025-09-02 11:49 – Updated: 2025-09-02 13:31
VLAI
Title
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
Summary
Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
Severity
7.7 (High)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
Impacted products
Date Public
2025-08-29 12:31
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T13:31:45.987374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T13:31:49.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/fleet",
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.13.1-0.20250806151509-088bcbea7edb",
"status": "affected",
"version": "0.13.0",
"versionType": "semver"
},
{
"lessThan": "0.12.6",
"status": "affected",
"version": "0.12.0",
"versionType": "semver"
},
{
"lessThan": "0.11.10",
"status": "affected",
"version": "0.11.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-08-29T12:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets."
}
],
"value": "Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T11:50:55.874Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52284"
},
{
"url": "https://github.com/advisories/GHSA-6h9x-9j5v-7w9h"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher Fleet Helm Values are stored inside BundleDeployment in plain text",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-52284",
"datePublished": "2025-09-02T11:49:49.379Z",
"dateReserved": "2024-11-06T12:19:57.723Z",
"dateUpdated": "2025-09-02T13:31:49.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52281 (GCVE-0-2024-52281)
Vulnerability from nvd – Published: 2025-04-16 08:31 – Updated: 2026-02-26 18:28
VLAI
Title
Stored Cross-site Scripting vulnerability in Rancher UI
Summary
A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field.
This issue affects rancher: from 2.9.0 before 2.9.4.
Severity
8.9 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Date Public
2025-01-14 21:03
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T03:55:43.486506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:14.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.9.4",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was identified and reported by Bhavin Makwana from Workday\u2019s Cyber Defence Team"
}
],
"datePublic": "2025-01-14T21:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field.\u003cbr\u003e\u003cp\u003eThis issue affects rancher: from 2.9.0 before 2.9.4.\u003c/p\u003e"
}
],
"value": "A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field.\nThis issue affects rancher: from 2.9.0 before 2.9.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0026#39;Cross-site Scripting\u0026#39;)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T08:31:11.378Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52281"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-2v2w-8v8c-wcm9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-site Scripting vulnerability in Rancher UI",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-52281",
"datePublished": "2025-04-16T08:31:11.378Z",
"dateReserved": "2024-11-06T12:19:57.723Z",
"dateUpdated": "2026-02-26T18:28:14.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-22036 (GCVE-0-2024-22036)
Vulnerability from nvd – Published: 2025-04-16 08:37 – Updated: 2026-02-26 18:28
VLAI
Title
Rancher Remote Code Execution via Cluster/Node Drivers
Summary
A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot
jail and gain root access to the Rancher container itself. In
production environments, further privilege escalation is possible based
on living off the land within the Rancher container itself. For the test
and development environments, based on a –privileged Docker container,
it is possible to escape the Docker container and gain execution access
on the host system.
This issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3.
Severity
9.1 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Date Public
2024-10-25 17:37
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22036",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T03:55:41.999711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:14.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.7.16",
"status": "affected",
"version": "2.7.0",
"versionType": "semver"
},
{
"lessThan": "2.8.9",
"status": "affected",
"version": "2.8.0",
"versionType": "semver"
},
{
"lessThan": "2.9.3",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-25T17:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the \u003ccode\u003echroot\u003c/code\u003e\n jail and gain root access to the Rancher container itself. In \nproduction environments, further privilege escalation is possible based \non living off the land within the Rancher container itself. For the test\n and development environments, based on a \u2013privileged Docker container, \nit is possible to escape the Docker container and gain execution access \non the host system.\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3.\u003c/p\u003e"
}
],
"value": "A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot\n jail and gain root access to the Rancher container itself. In \nproduction environments, further privilege escalation is possible based \non living off the land within the Rancher container itself. For the test\n and development environments, based on a \u2013privileged Docker container, \nit is possible to escape the Docker container and gain execution access \non the host system.\n\n\nThis issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T08:37:54.218Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22036"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-h99m-6755-rgwc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher Remote Code Execution via Cluster/Node Drivers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-22036",
"datePublished": "2025-04-16T08:37:54.218Z",
"dateReserved": "2024-01-04T12:38:34.025Z",
"dateUpdated": "2026-02-26T18:28:14.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-32197 (GCVE-0-2023-32197)
Vulnerability from nvd – Published: 2025-04-16 08:40 – Updated: 2026-02-26 18:28
VLAI
Title
Rancher's External RoleTemplates can lead to privilege escalation
Summary
A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Date Public
2024-06-17 20:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T03:55:40.608505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:14.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.7.14",
"status": "affected",
"version": "2.7.0",
"versionType": "semver"
},
{
"lessThan": "2.8.5",
"status": "affected",
"version": "2.8.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-17T20:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Improper Privilege Management vulnerability in SUSE rancher in \u003ccode\u003eRoleTemplate\u003c/code\u003eobjects when external=true is set can lead to privilege escalation in specific scenarios.\u003cp\u003eThis issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.\u003c/p\u003e"
}
],
"value": "A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T08:40:54.464Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32197"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-64jq-m7rq-768h"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher\u0027s External RoleTemplates can lead to privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2023-32197",
"datePublished": "2025-04-16T08:40:54.464Z",
"dateReserved": "2023-05-04T08:30:59.322Z",
"dateUpdated": "2026-02-26T18:28:14.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41050 (GCVE-0-2026-41050)
Vulnerability from cvelistv5 – Published: 2026-05-13 08:04 – Updated: 2026-05-14 03:55
VLAI
Title
Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
Summary
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.
Severity
9.9 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T03:55:58.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/fleet",
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.15.1",
"status": "affected",
"version": "0.15.0",
"versionType": "semver"
},
{
"lessThan": "0.14.5",
"status": "affected",
"version": "0.14.0",
"versionType": "semver"
},
{
"lessThan": "0.13.10",
"status": "affected",
"version": "0.13.0",
"versionType": "semver"
},
{
"lessThan": "0.12.14",
"status": "affected",
"version": "0.12.0",
"versionType": "semver"
},
{
"lessThan": "0.11.13",
"status": "affected",
"version": "0.11.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "https://github.com/kodareef5"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`."
}
],
"value": "Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T08:05:26.978Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41050"
},
{
"url": "https://github.com/advisories/GHSA-765j-qfrp-hm3j"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-41050",
"datePublished": "2026-05-13T08:04:57.293Z",
"dateReserved": "2026-04-16T13:37:50.679Z",
"dateUpdated": "2026-05-14T03:55:58.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25705 (GCVE-0-2026-25705)
Vulnerability from cvelistv5 – Published: 2026-05-13 08:00 – Updated: 2026-05-14 03:55
VLAI
Title
Rancher Extensions have arbitrary file access via path traversal
Summary
A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code.
* Write to /var/lib/rancher/ to tamper with cluster state.
* If hostPath volumes are mounted, write to the host node filesystem.
* Use this issue to chain with other attack vectors.
Severity
8.4 (High)
CWE
- CWE-35 - Path traversal: '.../...//'
Assigner
References
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T03:55:59.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
},
{
"lessThan": "2.13.5",
"status": "affected",
"version": "2.13.0",
"versionType": "semver"
},
{
"lessThan": "2.12.9",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.13",
"status": "affected",
"version": "2.10.11",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "https://github.com/KoreaSecurity"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified in [Rancher\u0027s Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to:\u003cdiv\u003e\u003cul\u003e\u003cli\u003eOverwrite Rancher binaries or configuration to inject code.\u003c/li\u003e\n\u003cli\u003eWrite to \u003ccode\u003e/var/lib/rancher/\u003c/code\u003e to tamper with cluster state.\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003ehostPath\u003c/code\u003e volumes are mounted, write to the host node filesystem.\u003c/li\u003e\n\u003cli\u003eUse this issue to chain with other attack vectors.\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
}
],
"value": "A vulnerability has been identified in [Rancher\u0027s Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code.\n\n * Write to /var/lib/rancher/ to tamper with cluster state.\n\n * If hostPath volumes are mounted, write to the host node filesystem.\n\n * Use this issue to chain with other attack vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T08:01:27.283Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25705"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-5v3h-x4wf-5c35"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rancher Extensions have arbitrary file access via path traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-25705",
"datePublished": "2026-05-13T08:00:46.097Z",
"dateReserved": "2026-02-05T15:37:24.184Z",
"dateUpdated": "2026-05-14T03:55:59.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62879 (GCVE-0-2025-62879)
Vulnerability from cvelistv5 – Published: 2026-03-04 15:08 – Updated: 2026-03-04 16:11
VLAI
Title
Rancher Backup Operator pod's logs leak S3 tokens
Summary
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.
Severity
6.8 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Date Public
2026-02-03 10:09
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T16:11:27.835968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T16:11:33.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/backup-restore-operator",
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "9.0.1",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThan": "8.1.2",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThan": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThan": "6.0.3",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-02-03T10:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both \u003ccode\u003eaccessKey\u003c/code\u003e and \u003ccode\u003esecretKey\u003c/code\u003e) into the rancher-backup-operator pod\u0027s logs.\u003cbr\u003e"
}
],
"value": "A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod\u0027s logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T15:08:11.734Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62879"
},
{
"url": "https://github.com/advisories/GHSA-wj3p-5h3x-c74q"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher Backup Operator pod\u0027s logs leak S3 tokens",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-62879",
"datePublished": "2026-03-04T15:08:11.734Z",
"dateReserved": "2025-10-24T10:34:22.765Z",
"dateUpdated": "2026-03-04T16:11:33.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62878 (GCVE-0-2025-62878)
Vulnerability from cvelistv5 – Published: 2026-02-25 10:49 – Updated: 2026-02-26 14:44
VLAI
Title
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
Summary
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.
Severity
9.9 (Critical)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Date Public
2026-02-04 19:17
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:55:51.167071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:06.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/local-path-provisioner",
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.0.34",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-02-04T19:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious user can manipulate the parameters.pathPattern\u0026nbsp;to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories."
}
],
"value": "A malicious user can manipulate the parameters.pathPattern\u00a0to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T10:50:22.691Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62878"
},
{
"url": "https://github.com/advisories/GHSA-jr3w-9vfr-c746"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-62878",
"datePublished": "2026-02-25T10:49:29.596Z",
"dateReserved": "2025-10-24T10:34:22.765Z",
"dateUpdated": "2026-02-26T14:44:06.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67601 (GCVE-0-2025-67601)
Vulnerability from cvelistv5 – Published: 2026-02-25 10:36 – Updated: 2026-02-26 14:44
VLAI
Title
Rancher CLI skips TLS verification on Rancher CLI login command
Summary
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.
Severity
8.3 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
Date Public
2026-02-01 16:58
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:55:52.856025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:07.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.0.0-20260129092249-bb0625fd1896",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.13.2",
"status": "affected",
"version": "2.13.0",
"versionType": "semver"
},
{
"lessThan": "2.12.6",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.10",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "2.10.11",
"status": "affected",
"version": "2.10.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-02-01T16:58:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the \u003c/span\u003e\u003ccode\u003e-skip-verify\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;flag to the Rancher CLI login command without also passing the \u003c/span\u003e\u003ccode\u003e\u2013cacert\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;flag results in the CLI attempting to fetch CA certificates stored in Rancher\u2019s setting cacerts. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify\u00a0flag to the Rancher CLI login command without also passing the \u2013cacert\u00a0flag results in the CLI attempting to fetch CA certificates stored in Rancher\u2019s setting cacerts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T10:36:57.771Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67601"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher CLI skips TLS verification on Rancher CLI login command",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-67601",
"datePublished": "2026-02-25T10:36:57.771Z",
"dateReserved": "2025-12-09T14:05:21.453Z",
"dateUpdated": "2026-02-26T14:44:07.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58269 (GCVE-0-2024-58269)
Vulnerability from cvelistv5 – Published: 2025-10-29 14:58 – Updated: 2025-10-29 15:10
VLAI
Title
Rancher exposes sensitive information through audit logs
Summary
A vulnerability has been identified in Rancher Manager, where sensitive
information, including secret data, cluster import URLs, and
registration tokens, is exposed to any entity with access to Rancher
audit logs.
Severity
4.3 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Date Public
2025-10-24 13:24
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58269",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T15:09:03.657329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T15:10:05.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.0.0-20251013203444-50dc516a19ea",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-24T13:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified in Rancher Manager, where sensitive \ninformation, including secret data, cluster import URLs, and \nregistration tokens, is exposed to any entity with access to Rancher \naudit logs."
}
],
"value": "A vulnerability has been identified in Rancher Manager, where sensitive \ninformation, including secret data, cluster import URLs, and \nregistration tokens, is exposed to any entity with access to Rancher \naudit logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T14:58:06.640Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58269"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-mw39-9qc2-f7mg"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher exposes sensitive information through audit logs",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-58269",
"datePublished": "2025-10-29T14:58:06.640Z",
"dateReserved": "2025-10-08T13:43:38.712Z",
"dateUpdated": "2025-10-29T15:10:05.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-32199 (GCVE-0-2023-32199)
Vulnerability from cvelistv5 – Published: 2025-10-29 14:54 – Updated: 2025-10-29 15:26
VLAI
Title
Rancher user retains access to clusters despite Global Role removal
Summary
A vulnerability has been identified within Rancher
Manager, where after removing a custom GlobalRole that gives
administrative access or the corresponding binding, the user still
retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs
Severity
4.3 (Medium)
CWE
- CWE-281 - Improper Preservation of Permissions
Assigner
References
Impacted products
Date Public
2025-10-24 13:05
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T15:13:25.439463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T15:26:02.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.0.0-20251014212116-7faa74a968c2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-24T13:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been identified within Rancher \nManager, where after removing a custom GlobalRole that gives \nadministrative access or the corresponding binding, the user still \nretains access to clusters.\u0026nbsp;This only affects custom Global Roles that\u0026nbsp;have a \u003ccode\u003e*\u003c/code\u003e on \u003ccode\u003e*\u003c/code\u003e in \u003ccode\u003e*\u003c/code\u003e rule for resources or have a \u003ccode\u003e*\u003c/code\u003e on \u003ccode\u003e*\u003c/code\u003e rule for non-resource URLs\u003c/p\u003e"
}
],
"value": "A vulnerability has been identified within Rancher \nManager, where after removing a custom GlobalRole that gives \nadministrative access or the corresponding binding, the user still \nretains access to clusters.\u00a0This only affects custom Global Roles that\u00a0have a * on * in * rule for resources or have a * on * rule for non-resource URLs"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281: Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T14:57:27.222Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32199"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-j4vr-pcmw-hx59"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher user retains access to clusters despite Global Role removal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2023-32199",
"datePublished": "2025-10-29T14:54:04.162Z",
"dateReserved": "2023-05-04T08:30:59.323Z",
"dateUpdated": "2025-10-29T15:26:02.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58260 (GCVE-0-2024-58260)
Vulnerability from cvelistv5 – Published: 2025-10-02 12:09 – Updated: 2025-10-02 15:52
VLAI
Title
Rancher update on users can deny the service to the admin
Summary
A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.
Severity
7.6 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Date Public
2025-09-26 11:02
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T15:15:54.345379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T15:52:35.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.12.2",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.6",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "2.10.10",
"status": "affected",
"version": "2.10.0",
"versionType": "semver"
},
{
"lessThan": "2.9.12",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-09-26T11:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts."
}
],
"value": "A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T12:09:46.203Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58260"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-q82v-h4rq-5c86"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher update on users can deny the service to the admin",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-58260",
"datePublished": "2025-10-02T12:09:46.203Z",
"dateReserved": "2025-07-23T08:10:38.954Z",
"dateUpdated": "2025-10-02T15:52:35.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58267 (GCVE-0-2024-58267)
Vulnerability from cvelistv5 – Published: 2025-10-02 12:08 – Updated: 2026-02-26 17:48
VLAI
Title
Rancher CLI SAML authentication is vulnerable to phishing attacks
Summary
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.
Severity
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
Impacted products
Date Public
2025-09-26 11:02
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T03:55:36.714841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:22.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.12.2",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.6",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "2.10.10",
"status": "affected",
"version": "2.10.0",
"versionType": "semver"
},
{
"lessThan": "2.9.12",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-09-26T11:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher\u2019s authentication tokens."
}
],
"value": "A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher\u2019s authentication tokens."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T12:08:30.507Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58267"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-v3vj-5868-2ch2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher CLI SAML authentication is vulnerable to phishing attacks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-58267",
"datePublished": "2025-10-02T12:08:30.507Z",
"dateReserved": "2025-09-04T04:04:22.186Z",
"dateUpdated": "2026-02-26T17:48:22.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54468 (GCVE-0-2025-54468)
Vulnerability from cvelistv5 – Published: 2025-10-02 10:00 – Updated: 2025-10-02 14:10
VLAI
Title
Rancher sends sensitive information to external services through the `/meta/proxy` endpoint
Summary
A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses.
Severity
4.7 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
Date Public
2025-09-26 11:02
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T14:10:09.289102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T14:10:23.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.12.2",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.6",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "2.10.10",
"status": "affected",
"version": "2.10.0",
"versionType": "semver"
},
{
"lessThan": "2.9.12",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-09-26T11:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses."
}
],
"value": "A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T10:00:18.538Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54468"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-mjcp-rj3c-36fr"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher sends sensitive information to external services through the `/meta/proxy` endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-54468",
"datePublished": "2025-10-02T10:00:18.538Z",
"dateReserved": "2025-07-23T08:11:16.425Z",
"dateUpdated": "2025-10-02T14:10:23.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58259 (GCVE-0-2024-58259)
Vulnerability from cvelistv5 – Published: 2025-09-02 11:53 – Updated: 2025-09-02 13:28
VLAI
Title
Rancher affected by unauthenticated Denial of Service
Summary
A vulnerability has been identified within Rancher Manager in which it
did not enforce request body size limits on certain public
(unauthenticated) and authenticated API endpoints. This allows a
malicious user to exploit this by sending excessively large payloads,
which are fully loaded into memory during processing, leading to Denial of Service (DoS).
Severity
8.2 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
Date Public
2025-08-29 13:38
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T13:28:09.503702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T13:28:15.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.12.1",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.5",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "2.10.9",
"status": "affected",
"version": "2.10.0",
"versionType": "semver"
},
{
"lessThan": "2.9.11",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
},
{
"lessThan": "0.0.0-20250813072957-aee95d4e2a41",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-08-29T13:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been identified within Rancher Manager in which it \ndid not enforce request body size limits on certain public \n(unauthenticated) and authenticated API endpoints. This allows a \nmalicious user to exploit this by sending excessively large payloads, \nwhich are fully loaded into memory during processing, leading to\u0026nbsp;Denial of Service (DoS)."
}
],
"value": "A vulnerability has been identified within Rancher Manager in which it \ndid not enforce request body size limits on certain public \n(unauthenticated) and authenticated API endpoints. This allows a \nmalicious user to exploit this by sending excessively large payloads, \nwhich are fully loaded into memory during processing, leading to\u00a0Denial of Service (DoS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T11:54:30.959Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58259"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-4h45-jpvh-6p5j"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher affected by unauthenticated Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-58259",
"datePublished": "2025-09-02T11:53:03.928Z",
"dateReserved": "2025-07-23T08:10:38.954Z",
"dateUpdated": "2025-09-02T13:28:15.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52284 (GCVE-0-2024-52284)
Vulnerability from cvelistv5 – Published: 2025-09-02 11:49 – Updated: 2025-09-02 13:31
VLAI
Title
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
Summary
Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
Severity
7.7 (High)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
Impacted products
Date Public
2025-08-29 12:31
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T13:31:45.987374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T13:31:49.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/fleet",
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.13.1-0.20250806151509-088bcbea7edb",
"status": "affected",
"version": "0.13.0",
"versionType": "semver"
},
{
"lessThan": "0.12.6",
"status": "affected",
"version": "0.12.0",
"versionType": "semver"
},
{
"lessThan": "0.11.10",
"status": "affected",
"version": "0.11.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-08-29T12:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets."
}
],
"value": "Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T11:50:55.874Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52284"
},
{
"url": "https://github.com/advisories/GHSA-6h9x-9j5v-7w9h"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher Fleet Helm Values are stored inside BundleDeployment in plain text",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-52284",
"datePublished": "2025-09-02T11:49:49.379Z",
"dateReserved": "2024-11-06T12:19:57.723Z",
"dateUpdated": "2025-09-02T13:31:49.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32197 (GCVE-0-2023-32197)
Vulnerability from cvelistv5 – Published: 2025-04-16 08:40 – Updated: 2026-02-26 18:28
VLAI
Title
Rancher's External RoleTemplates can lead to privilege escalation
Summary
A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Date Public
2024-06-17 20:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T03:55:40.608505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:14.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.7.14",
"status": "affected",
"version": "2.7.0",
"versionType": "semver"
},
{
"lessThan": "2.8.5",
"status": "affected",
"version": "2.8.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-17T20:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Improper Privilege Management vulnerability in SUSE rancher in \u003ccode\u003eRoleTemplate\u003c/code\u003eobjects when external=true is set can lead to privilege escalation in specific scenarios.\u003cp\u003eThis issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.\u003c/p\u003e"
}
],
"value": "A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T08:40:54.464Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32197"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-64jq-m7rq-768h"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher\u0027s External RoleTemplates can lead to privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2023-32197",
"datePublished": "2025-04-16T08:40:54.464Z",
"dateReserved": "2023-05-04T08:30:59.322Z",
"dateUpdated": "2026-02-26T18:28:14.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-22036 (GCVE-0-2024-22036)
Vulnerability from cvelistv5 – Published: 2025-04-16 08:37 – Updated: 2026-02-26 18:28
VLAI
Title
Rancher Remote Code Execution via Cluster/Node Drivers
Summary
A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot
jail and gain root access to the Rancher container itself. In
production environments, further privilege escalation is possible based
on living off the land within the Rancher container itself. For the test
and development environments, based on a –privileged Docker container,
it is possible to escape the Docker container and gain execution access
on the host system.
This issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3.
Severity
9.1 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Date Public
2024-10-25 17:37
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22036",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T03:55:41.999711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:14.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.7.16",
"status": "affected",
"version": "2.7.0",
"versionType": "semver"
},
{
"lessThan": "2.8.9",
"status": "affected",
"version": "2.8.0",
"versionType": "semver"
},
{
"lessThan": "2.9.3",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-25T17:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the \u003ccode\u003echroot\u003c/code\u003e\n jail and gain root access to the Rancher container itself. In \nproduction environments, further privilege escalation is possible based \non living off the land within the Rancher container itself. For the test\n and development environments, based on a \u2013privileged Docker container, \nit is possible to escape the Docker container and gain execution access \non the host system.\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3.\u003c/p\u003e"
}
],
"value": "A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot\n jail and gain root access to the Rancher container itself. In \nproduction environments, further privilege escalation is possible based \non living off the land within the Rancher container itself. For the test\n and development environments, based on a \u2013privileged Docker container, \nit is possible to escape the Docker container and gain execution access \non the host system.\n\n\nThis issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T08:37:54.218Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22036"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-h99m-6755-rgwc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher Remote Code Execution via Cluster/Node Drivers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-22036",
"datePublished": "2025-04-16T08:37:54.218Z",
"dateReserved": "2024-01-04T12:38:34.025Z",
"dateUpdated": "2026-02-26T18:28:14.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-52281 (GCVE-0-2024-52281)
Vulnerability from cvelistv5 – Published: 2025-04-16 08:31 – Updated: 2026-02-26 18:28
VLAI
Title
Stored Cross-site Scripting vulnerability in Rancher UI
Summary
A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field.
This issue affects rancher: from 2.9.0 before 2.9.4.
Severity
8.9 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Date Public
2025-01-14 21:03
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T03:55:43.486506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:14.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/rancher",
"product": "rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.9.4",
"status": "affected",
"version": "2.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was identified and reported by Bhavin Makwana from Workday\u2019s Cyber Defence Team"
}
],
"datePublic": "2025-01-14T21:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field.\u003cbr\u003e\u003cp\u003eThis issue affects rancher: from 2.9.0 before 2.9.4.\u003c/p\u003e"
}
],
"value": "A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field.\nThis issue affects rancher: from 2.9.0 before 2.9.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0026#39;Cross-site Scripting\u0026#39;)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T08:31:11.378Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52281"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-2v2w-8v8c-wcm9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-site Scripting vulnerability in Rancher UI",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-52281",
"datePublished": "2025-04-16T08:31:11.378Z",
"dateReserved": "2024-11-06T12:19:57.723Z",
"dateUpdated": "2026-02-26T18:28:14.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}