57 matches found
CVE-2026-44939
A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/tokenclusterId.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers...
CVE-2026-44939
An input validation flaw in Rancher Manager's import endpoint (/v3/import/{token}_{clusterId}.yaml) allows command injection via unsanitized YAML parameters in versions prior to 2.14.2. Impact: remote attackers could break out of the container image and execute arbitrary code inside containers. R...
PT-2026-50872
Name of the Vulnerable Software and Affected Versions Rancher Manager versions prior to 2.14.2 Description A command injection issue exists in the import endpoint "/v3/import/token clusterId.yaml". This occurs due to unsanitized YAML parameters, which could allow remote attackers to break out of ...
CVE-2025-71261
An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control...
CVE-2025-71261
The CVE-2025-71261 issue affects the SUSE Virtualization (Harvester) Rancher integration registration client, specifically the cluster-registration-url path. The root cause is an insecure TLS setup that fails to verify the remote server’s certificate, enabling MITM between SUSE Virtualization and...
EUVD-2025-210170
An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control...
CVE-2025-67601
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...
CVE-2025-67601
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...
CVE-2024-58269
A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...
CVE-2023-32199
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...
CVE-2024-58269
A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...
CVE-2024-58269
A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...
CVE-2023-32199
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...
CVE-2023-32199 Rancher user retains access to clusters despite Global Role removal
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...
CVE-2023-32199
CVE-2023-32199 concerns Rancher Manager where removing a custom GlobalRole that grants administrative access or its binding leaves the user with cluster access. Affected are custom GlobalRoles with a wildcard (*) on resources or non-resource URLs, which can result in orphaned ClusterRoleBindings ...
EUVD-2023-36458
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...
SUSE CVE-2023-32199
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...
SUSE CVE-2024-58269
A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...
Rancher user retains access to clusters despite Global Role removal
Impact A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that: - Have a on in rule for resources - Hav...
PT-2025-43667
🔴 Rancher Manager, Information Disclosure, CVE-2024-14439 Critical https://t.co/NkN5MegP4B...