Lucene search
K

60 matches found

OSV
OSV
added 2026/07/01 8:57 p.m.5 views

GHSA-VX8H-4PRV-G744 Rancher has Privilege Escalation from Project Owner to Host

Impact A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission PSA labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 8:44 p.m.12 views

EUVD-2026-38009

Rancher vulnerable to command injection through unsanitized YAML parameter...

9.4CVSS5.8AI score0.01277EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-55201

Name of the Vulnerable Software and Affected Versions SUSE Rancher Fleet versions prior to 0.15.2 SUSE Rancher Fleet versions prior to 0.14.6 SUSE Rancher Fleet versions prior to 0.13.11 SUSE Rancher Fleet versions prior to 0.12.15 Description Missing validation of valuesFrom references in the He...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References8
NVD
NVD
added 2026/06/19 1:16 p.m.11 views

CVE-2026-44939

A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/tokenclusterId.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers...

9.4CVSS0.01277EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 12:13 p.m.50 views

CVE-2026-44939

An input validation flaw in Rancher Manager's import endpoint (/v3/import/{token}_{clusterId}.yaml) allows command injection via unsanitized YAML parameters in versions prior to 2.14.2. Impact: remote attackers could break out of the container image and execute arbitrary code inside containers. R...

9.4CVSS6AI score0.01277EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50872

Name of the Vulnerable Software and Affected Versions Rancher Manager versions prior to 2.14.2 Description A command injection issue exists in the import endpoint "/v3/import/token clusterId.yaml". This occurs due to unsanitized YAML parameters, which could allow remote attackers to break out of ...

9.6CVSS6AI score0.01277EPSS
Exploits0References11
NVD
NVD
added 2026/06/16 5:16 p.m.11 views

CVE-2025-71261

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control...

8.6CVSS0.00208EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 3:42 p.m.15 views

CVE-2025-71261

The CVE-2025-71261 issue affects the SUSE Virtualization (Harvester) Rancher integration registration client, specifically the cluster-registration-url path. The root cause is an insecure TLS setup that fails to verify the remote server’s certificate, enabling MITM between SUSE Virtualization and...

8.6CVSS5.2AI score0.00208EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 3:42 p.m.8 views

EUVD-2025-210170

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control...

8.6CVSS5.2AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 11:16 a.m.6 views

CVE-2025-67601

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...

8.3CVSS0.00153EPSS
Exploits0References2
OSV
OSV
added 2026/02/25 10:36 a.m.8 views

CVE-2025-67601 Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...

8.3CVSS5.8AI score0.00153EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/30 3:20 p.m.8 views

CVE-2023-32199

A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...

4.3CVSS6.8AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/30 3:20 p.m.7 views

CVE-2024-58269

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...

4.3CVSS6.8AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2025/10/29 3:15 p.m.6 views

CVE-2024-58269

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...

4.3CVSS0.00271EPSS
Exploits0References2
OSV
OSV
added 2025/10/29 3:15 p.m.5 views

CVE-2024-58269

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...

4.3CVSS5.7AI score0.00271EPSS
Exploits0References2
OSV
OSV
added 2025/10/29 3:15 p.m.8 views

CVE-2023-32199

A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...

4.3CVSS5.7AI score0.00208EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/29 2:54 p.m.9 views

CVE-2023-32199 Rancher user retains access to clusters despite Global Role removal

A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...

4.3CVSS0.00208EPSS
Exploits0References2
CVE
CVE
added 2025/10/29 2:54 p.m.14 views

CVE-2023-32199

CVE-2023-32199 concerns Rancher Manager where removing a custom GlobalRole that grants administrative access or its binding leaves the user with cluster access. Affected are custom GlobalRoles with a wildcard (*) on resources or non-resource URLs, which can result in orphaned ClusterRoleBindings ...

4.3CVSS6.5AI score0.00208EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/29 2:54 p.m.4 views

EUVD-2023-36458

A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...

4.3CVSS6.4AI score0.00208EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/10/25 12:13 a.m.3 views

SUSE CVE-2023-32199

A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...

4.3CVSS6.6AI score0.00208EPSS
Exploits0References4
Rows per page
Query Builder