CVE-2025-23391 Rancher: Restricted Administrator can change Administrator's passwords

🗓️ 11 Apr 2025 10:38:43Reported by suseType

Vulnerability allows Restricted Administrator to change Administrator passwords and take over accounts.

Reporter	Title	Published	Views	Family All 23
ATTACKERKB	CVE-2025-23391	11 Apr 202511:15	–	attackerkb
Circl	CVE-2025-23391	3 Apr 202506:02	–	circl
CNNVD	Rancher 安全漏洞	11 Apr 202500:00	–	cnnvd
CVE	CVE-2025-23391	11 Apr 202510:38	–	cve
EUVD	EUVD-2025-9310	3 Oct 202520:07	–	euvd
Github Security Blog	Rancher: Restricted Administrator can change Administrator's passwords	1 Apr 202514:19	–	github
NVD	CVE-2025-23391	11 Apr 202511:15	–	nvd
OPENSUSE Linux	govulncheck-vulndb-0.0.20250402T160203-1.1 on GA media (moderate)	5 Apr 202500:00	–	opensuse
OSV	CVE-2025-23391	11 Apr 202511:15	–	osv
OSV	GHSA-8P83-CPFG-FJ3G Rancher: Restricted Administrator can change Administrator's passwords	1 Apr 202514:19	–	osv

[
  {
    "defaultStatus": "unaffected",
    "packageName": "github.com/rancher/rancher",
    "product": "rancher",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.8.14",
        "status": "affected",
        "version": "2.8.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.9.8",
        "status": "affected",
        "version": "2.9.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.10.4",
        "status": "affected",
        "version": "2.10.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/rancher/rancher/security/advisories/GHSA-8p83-cpfg-fj3g
bugzilla	www.bugzilla.suse.com/show_bug.cgi

11 Apr 2025 10:38Current

CVSS 3.19.1

EPSS0.00235

CWE-266