CVE-2024-58260

🗓️ 02 Oct 2025 12:09:46Reported by suseType

CVE-2024-58260: Rancher denial of service via missing username validation by users with update rights.

Reporter	Title	Published	Views	Family All 48
CNNVD	Rancher 安全漏洞	2 Oct 202500:00	–	cnnvd
Cvelist	CVE-2024-58260 Rancher update on users can deny the service to the admin	2 Oct 202512:09	–	cvelist
EUVD	EUVD-2025-31335	3 Oct 202520:07	–	euvd
Github Security Blog	Rancher update on users can deny the service to the admin	26 Sep 202513:02	–	github
NVD	CVE-2024-58260	2 Oct 202512:15	–	nvd
OSV	CVE-2024-58260	2 Oct 202512:15	–	osv
OSV	GHSA-Q82V-H4RQ-5C86 Rancher update on users can deny the service to the admin	26 Sep 202513:02	–	osv
OSV	GO-2025-3983 Rancher update on users can deny the service to the admin in github.com/rancher/rancher	23 Oct 202516:25	–	osv
OSV	OPENSUSE-SU-2025:15666-1 govulncheck-vulndb-0.0.20251023T162509-1.1 on GA media	24 Oct 202500:00	–	osv
OSV	SUSE-SU-2025:3799-1 Security update for govulncheck-vulndb	27 Oct 202507:58	–	osv

[
  {
    "defaultStatus": "unaffected",
    "packageName": "github.com/rancher/rancher",
    "product": "rancher",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.12.2",
        "status": "affected",
        "version": "2.12.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.11.6",
        "status": "affected",
        "version": "2.11.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.10.10",
        "status": "affected",
        "version": "2.10.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.9.12",
        "status": "affected",
        "version": "2.9.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/rancher/rancher/security/advisories/GHSA-q82v-h4rq-5c86
bugzilla	www.bugzilla.suse.com/show_bug.cgi

15 Apr 2026 00:35Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.17.6

EPSS0.00017

SSVC

CWE-863