Information Disclosure

github.com/rancher/rancher is vulnerable to Information Disclosure. The vulnerability is due to improper handling of Impersonate-Extra- headers, which are sent to external entities via the /meta/proxy endpoint, allowing an attacker to access identifiable or sensitive information such as email...

GO-2025-3982 Rancher sends sensitive information to external services through the `/meta/proxy` endpoint in github.com/rancher/rancher

Rancher sends sensitive information to external services through the /meta/proxy endpoint in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

CVE-2025-54468 Rancher sends sensitive information to external services through the `/meta/proxy` endpoint

A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses...

Rancher 信息泄露漏洞

Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations that deploy containers in production environments. Rancher suffers from an information disclosure vulnerability that stems from the Impersonate-Extra-header being sent to...