
24 matches found

EUVD
added 4 days ago · 7 views

EUVD-2026-40130

Rancher has Privilege Escalation from Project Owner to Host...

CVSS 9.4 · AI score 5.8 · EPSS 0.00319
Exploits: 0 · References: 4
CVE
added 5 days ago · 21 views

CVE-2026-44946

CVE-2026-44946 describes a SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler, where one-time use of SAML assertions was not enforced. The issue can enable man-in-the-middle style abuse against Rancher, affecting Rancher 2.14.0 up to (but not including)...

CVSS 9.5 · AI score 5.8 · EPSS 0.00291
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 5 days ago · 6 views

PT-2026-53861

Name of the Vulnerable Software and Affected Versions: Rancher versions 2.14.0 through 2.14.2; Rancher versions 2.13.0 through 2.13.6; Rancher versions 2.12.0 through 2.12.10; Rancher versions 2.11.0 through 2.11.14. Description: A SAML authentication replay issue exists in the Assertion Consumer Servi...

CVSS 9.5 · AI score 5.9 · EPSS 0.00291
Exploits: 0 · References: 6
Github Security Blog
added 2026/05/07 1:26 a.m. · 9 views

Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

Impact: Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo. Helm lookup bypass: The Helm template...

CVSS 9.9 · AI score 5.8 · EPSS 0.00379
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2026/03/03 2:49 p.m. · 5 views

GHSA-8W87-58W6-HFV8 Rancher doesn't properly sanitize credentials in cluster template answers

Impact: It was discovered that in Rancher versions up to and including 2.5.12 and 2.6.3 there is a failure to properly sanitize credentials in cluster template answers. This failure can lead to plaintext storage and exposure of credentials, passwords and API tokens. The exposed credentials are...

CVSS 9.9 · AI score 5.9 · EPSS 0.00647
Exploits: 0 · References: 4
OSV
added 2025/10/23 4:25 p.m. · 6 views

GO-2025-3984 Rancher CLI SAML authentication is vulnerable to phishing attacks in github.com/rancher/rancher

Rancher CLI SAML authentication is vulnerable to phishing attacks in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabili...

CVSS 8 · AI score 7.1 · EPSS 0.00217
Exploits: 0 · References: 3
Positive Technologies
added 2025/09/08 12:0 a.m. · 7 views

PT-2025-36647

Rancher affected by unauthenticated Denial of Service in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

AI score 6.9
Exploits: 0 · References: 7
RedhatCVE
added 2025/05/23 5:52 a.m. · 3 views

CVE-2023-22648

An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged into the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example...

CVSS 8.8 · AI score 6.7 · EPSS 0.00454
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/11 10:38 a.m. · 9 views

CVE-2025-23391 Rancher: Restricted Administrator can change Administrator's passwords

An Incorrect Privilege Assignment vulnerability in SUSE Rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects Rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4...

CVSS 9.1 · AI score 7 · EPSS 0.00433
Exploits: 0 · References: 2
SUSE CVE
added 2024/06/18 3:1 a.m. · 2 views

SUSE CVE-2023-32197

An Improper Privilege Management vulnerability in SUSE Rancher in RoleTemplate objects when external=true is set can lead to privilege escalation in specific scenarios. This issue affects Rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5...

CVSS 7.5 · AI score 7.2 · EPSS 0.00508
Exploits: 0 · References: 10
Metasploit
added 2024/04/19 7:51 p.m. · 458 views

Rancher Authenticated API Credential Exposure

An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Rancher's service account token used to provision clusters, were stored in plaintext directly on Kubernetes objects like Clusters, for example...

CVSS 9.9 · AI score 8.1 · EPSS 0.0293
Exploits: 3
SUSE CVE
added 2023/06/02 2:29 a.m. · 7 views

SUSE CVE-2023-22648

An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged into the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example...

CVSS 8.8 · AI score 6.7 · EPSS 0.00454
Exploits: 0 · References: 4
CNNVD
added 2023/06/01 12:0 a.m. · 8 views

Rancher Labs Rancher security vulnerability

Rancher Labs Rancher is an open source enterprise container management platform from Rancher Labs, Inc. in the United States. A security vulnerability exists in Rancher Labs Rancher versions 2.6.0 through 2.6.13 and 2.7.0 through 2.7.4, which stems from improper privilege management in SUSE...

CVSS 8.8 · AI score 7.9 · EPSS 0.00454
Exploits: 0 · References: 3
Positive Technologies
added 2023/04/17 12:0 a.m. · 7 views

PT-2023-3760 · Suse · Suse Rancher

Name of the Vulnerable Software and Affected Versions: SUSE Rancher versions 2.6.0 through 2.6.12; SUSE Rancher versions 2.7.0 through 2.7.3. Description: The issue is related to improper privilege management in SUSE Rancher, allowing standard users to manipulate Kubernetes secrets in the local...

CVSS 9.9 · AI score 7 · EPSS 0.00715
Exploits: 0 · References: 13
SUSE CVE
added 2023/02/15 3:45 a.m. · 5 views

SUSE CVE-2021-25320

An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks. This issue affects: Rancher versions prior to...

CVSS 9.9 · AI score 8.8 · EPSS 0.00832
Exploits: 0 · References: 6
OSV
added 2023/02/07 1:15 p.m. · 28 views

CVE-2022-43757

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed. This issue affects: SUSE Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher...

CVSS 8.8 · AI score 8.8
Exploits: 0 · References: 1
NVD
added 2023/02/07 1:15 p.m. · 45 views

CVE-2022-43758

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for users with the ability to add an untrusted Helm catalog or to modify the URL configuration used to download KDM (only admin users by default). This issue...

CVSS 7.6 · AI score 7.7 · EPSS 0.00981
Exploits: 0 · References: 1
Prion
added 2023/02/07 1:15 p.m. · 22 views

Command injection

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for users with the ability to add an untrusted Helm catalog or to modify the URL configuration used to download KDM (only admin users by default). This issue...

CVSS 5.4 · AI score 7 · EPSS 0.00981
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2023/02/07 1:15 p.m. · 20 views

Design/Logic Flaw

An Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing it even after the token was renewed. This issue affects: SUSE Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1...

CVSS 7.5 · AI score 9.3 · EPSS 0.0172
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2023/02/07 1:15 p.m. · 28 views

Design/Logic Flaw

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed. This issue affects: SUSE Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher...

CVSS 6.5 · AI score 8.8 · EPSS 0.00553
Exploits: 1 · References: 1 · Affected Software: 1