51 matches found
CVE-2025-67601
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the --skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...
CVE-2024-58269
A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...
CVE-2023-32199
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...
CVE-2023-32199 Rancher user retains access to clusters despite Global Role removal
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...
EUVD-2023-36458
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...
CVE-2023-32199
CVE-2023-32199 concerns Rancher Manager where removing a custom GlobalRole that grants administrative access or its binding leaves the user with cluster access. Affected are custom GlobalRoles with a wildcard (*) on resources or non-resource URLs, which can result in orphaned ClusterRoleBindings ...
SUSE CVE-2023-32199
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...
SUSE CVE-2024-58269
A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...
Rancher user retains access to clusters despite Global Role removal
Impact: A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that: - Have a on in rule for resources - Hav...
PT-2025-43667
🔴 Rancher Manager, Information Disclosure, CVE-2024-14439 Critical https://t.co/NkN5MegP4B...
PT-2025-43690
Name of the Vulnerable Software and Affected Versions: Rancher versions prior to 2.12.3; Rancher versions prior to 2.11.7. Description: A flaw exists in Rancher Manager where removing a custom GlobalRole granting administrative access, or its corresponding binding, does not revoke the user's access t...
CVE-2024-58267
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens...
CVE-2024-58260
A vulnerability has been identified within Rancher Manager where a missing server-side validation on the .username field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts...
CVE-2024-58267 Rancher CLI SAML authentication is vulnerable to phishing attacks
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens...
CVE-2025-54468
A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses...