CVE-2024-22030 Rancher agents can be hijacked by taking over the Rancher Server URL

🗓️ 16 Oct 2024 13:24:06Reported by suseType

Rancher vulnerability allows hijacking using expired domain or DNS spoofin

Reporter	Title	Published	Views	Family All 70
CNNVD	Rancher 信任管理问题漏洞	16 Oct 202400:00	–	cnnvd
CVE	CVE-2024-22030	16 Oct 202413:24	–	cve
EUVD	EUVD-2024-2807	3 Oct 202520:07	–	euvd
Github Security Blog	Rancher agents can be hijacked by taking over the Rancher Server URL	26 Sep 202421:13	–	github
NVD	CVE-2024-22030	16 Oct 202414:15	–	nvd
OPENSUSE Linux	Security update for govulncheck-vulndb (important)	5 Nov 202400:00	–	opensuse
OPENSUSE Linux	govulncheck-vulndb-0.0.20241030T212825-1.1 on GA media (moderate)	2 Nov 202400:00	–	opensuse
OpenVAS	openSUSE Security Advisory (SUSE-SU-2024:3911-1)	6 Nov 202400:00	–	openvas
OSV	CVE-2024-22030	16 Oct 202414:15	–	osv
OSV	GHSA-H4H5-9833-V2P4 Rancher agents can be hijacked by taking over the Rancher Server URL	26 Sep 202421:13	–	osv

[
  {
    "defaultStatus": "unaffected",
    "packageName": "github.com/rancher/rancher",
    "product": "rancher",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.7.15",
        "status": "affected",
        "version": "2.7.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.8.8",
        "status": "affected",
        "version": "2.8.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.9.2",
        "status": "affected",
        "version": "2.9.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/rancher/rancher/security/advisories/GHSA-h4h5-9833-v2p4
bugzilla	www.bugzilla.suse.com/show_bug.cgi

16 Oct 2024 13:24Current

CVSS 3.18

EPSS0.00377

CWE-295