WID-SEC-W-2026-0276

Vulnerability from csaf_certbund - Published: 2026-02-01 23:00 - Updated: 2026-03-04 23:00
Summary
Rancher Manager und Backup Operator: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Rancher ist ein Werkzeug für die Verwaltung von Kubernetes-Container basierten Umgebungen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Rancher Manager und Backup Operator ausnutzen, um Sicherheitsvorkehrungen zu umgehen und vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Sonstiges - UNIX
CVE-2025-67601
CVE-2025-62879
References
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Rancher ist ein Werkzeug f\u00fcr die Verwaltung von Kubernetes-Container basierten Umgebungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Rancher Manager und Backup Operator ausnutzen, um Sicherheitsvorkehrungen zu umgehen und vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0276 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0276.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0276 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0276"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-02-01",
        "url": "https://github.com/advisories/GHSA-mc24-7m59-4q5p"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2026-02-01",
        "url": "https://github.com/rancher/backup-restore-operator/security/advisories/GHSA-wj3p-5h3x-c74q"
      }
    ],
    "source_lang": "en-US",
    "title": "Rancher Manager und Backup Operator: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-04T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-05T08:27:21.843+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0276",
      "initial_release_date": "2026-02-01T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-01T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-04T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-208270"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.13.2",
                "product": {
                  "name": "Rancher Rancher \u003c2.13.2",
                  "product_id": "T050468"
                }
              },
              {
                "category": "product_version",
                "name": "2.13.2",
                "product": {
                  "name": "Rancher Rancher 2.13.2",
                  "product_id": "T050468-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:2.13.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.12.6",
                "product": {
                  "name": "Rancher Rancher \u003c2.12.6",
                  "product_id": "T050469"
                }
              },
              {
                "category": "product_version",
                "name": "2.12.6",
                "product": {
                  "name": "Rancher Rancher 2.12.6",
                  "product_id": "T050469-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:2.12.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.11.10",
                "product": {
                  "name": "Rancher Rancher \u003c2.11.10",
                  "product_id": "T050470"
                }
              },
              {
                "category": "product_version",
                "name": "2.11.10",
                "product": {
                  "name": "Rancher Rancher 2.11.10",
                  "product_id": "T050470-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:2.11.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.10.11",
                "product": {
                  "name": "Rancher Rancher \u003c2.10.11",
                  "product_id": "T050471"
                }
              },
              {
                "category": "product_version",
                "name": "2.10.11",
                "product": {
                  "name": "Rancher Rancher 2.10.11",
                  "product_id": "T050471-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:2.10.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Backup Operator \u003c108.0.1+up9.0.1",
                "product": {
                  "name": "Rancher Rancher Backup Operator \u003c108.0.1+up9.0.1",
                  "product_id": "T050472"
                }
              },
              {
                "category": "product_version",
                "name": "Backup Operator 108.0.1+up9.0.1",
                "product": {
                  "name": "Rancher Rancher Backup Operator 108.0.1+up9.0.1",
                  "product_id": "T050472-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:backup_operator__108.0.1up9.0.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Backup Operator \u003c107.1.2+up8.1.2",
                "product": {
                  "name": "Rancher Rancher Backup Operator \u003c107.1.2+up8.1.2",
                  "product_id": "T050473"
                }
              },
              {
                "category": "product_version",
                "name": "Backup Operator 107.1.2+up8.1.2",
                "product": {
                  "name": "Rancher Rancher Backup Operator 107.1.2+up8.1.2",
                  "product_id": "T050473-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:backup_operator__107.1.2up8.1.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Backup Operator \u003c106.0.6+up7.0.5",
                "product": {
                  "name": "Rancher Rancher Backup Operator \u003c106.0.6+up7.0.5",
                  "product_id": "T050474"
                }
              },
              {
                "category": "product_version",
                "name": "Backup Operator 106.0.6+up7.0.5",
                "product": {
                  "name": "Rancher Rancher Backup Operator 106.0.6+up7.0.5",
                  "product_id": "T050474-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:backup_operator__106.0.6up7.0.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Backup Operator \u003c105.0.6+up6.0.3",
                "product": {
                  "name": "Rancher Rancher Backup Operator \u003c105.0.6+up6.0.3",
                  "product_id": "T050475"
                }
              },
              {
                "category": "product_version",
                "name": "Backup Operator 105.0.6+up6.0.3",
                "product": {
                  "name": "Rancher Rancher Backup Operator 105.0.6+up6.0.3",
                  "product_id": "T050475-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rancher:rancher:backup_operator__105.0.6up6.0.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rancher"
          }
        ],
        "category": "vendor",
        "name": "Rancher"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-67601",
      "product_status": {
        "known_affected": [
          "T050471",
          "T050470",
          "T050469",
          "T050468"
        ]
      },
      "release_date": "2026-02-01T23:00:00.000+00:00",
      "title": "CVE-2025-67601"
    },
    {
      "cve": "CVE-2025-62879",
      "product_status": {
        "known_affected": [
          "T050473",
          "T050472",
          "T050475",
          "T050474"
        ]
      },
      "release_date": "2026-02-01T23:00:00.000+00:00",
      "title": "CVE-2025-62879"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.