Exposure Of Sensitive Information

github.com/rancher/rancher is vulnerable to Exposure of Sensitive Information. The vulnerability is due to sensitive data being written to Rancher audit logs, which allows an attacker with access to these logs to obtain secret data, cluster import URLs, and registration tokens...

CVE-2024-58269

CVE-2024-58269 affects Rancher Manager where sensitive data (secrets, cluster import URLs, registration tokens) can be exposed to anyone with access to Rancher audit logs. Root cause: leakage through audit logs containing full request/response bodies, including secrets annotated in Kubernetes obj...

SUSE CVE-2024-58269

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...

Rancher exposes sensitive information through audit logs

Impact Note: The exploitation of this issue requires that the malicious user have access to Rancher’s audit log storage. A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any enti...