Rancher security vulnerability
Rancher is an open-source container management platform developed by Rancher in the United States. It is designed for organizations that deploy containers in production environments. Rancher has a security vulnerability caused by path traversal in the compressedEndpoint field within Extensions...
EUVD-2021-1305
Malware in sbrugna...
EUVD-2025-10800
Malicious code in bioql PyPI...
EUVD-2024-1271
Malicious code in bioql PyPI...
GHSA-8PJC-487G-W6P2 vulnerabilities
Vulnerabilities for packages: ipfs-cluster, nri-f5, nova, portieris, docker-cli, vault-csi-provider, nri-rabbitmq, apm-server, emissary, rancher, wire-go, wal-g, nri-haproxy, witness, argo-events, steampipe, grafana-alloy, kube-logging-operator, nri-redis, glow, aws-otel-collector, cert-manager,...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: fscrypt, nova, secrets-store-csi-driver-provider-azure, aws-nuke, prometheus-postgres-exporter, kubevela, snyk-cli, cert-manager-csi-driver, fulcio-fips, nri-kafka, kube-arangodb, trivy-fips, opentelemetry-collector-contrib, minio-fips, aws-flb-firehose, tflint,...
Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks
Impact A vulnerability has been identified in Steve where by default it was using an insecure option that did not validate the certificate presented by the remote server while performing a TLS connection. This could allow the execution of a man-in-the-middle (MitM) attack against services using...
CVE-2025-23391
CVE-2025-23391 affects Rancher (SUSE Rancher). A Privilege Assignment flaw allows a Restricted Administrator to change the passwords of Administrators and take over their accounts. Affected versions are Rancher 2.8.0–2.8.13, 2.9.0–2.9.7, and 2.10.0–2.10.3. The issue is fixed in 2.8.14, 2.9.8, and...
CVE-2025-23391 Rancher: Restricted Administrator can change Administrator's passwords
An Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4...
GO-2025-3491 Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API in github.com/rancher/rancher
Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
Impact A vulnerability in Rancher has been discovered, leading to a local user impersonation through SAML Authentication on first login. The issue occurs when a SAML authentication provider (AP) is configured, e.g. Keycloak. A newly created AP user can impersonate any user on Rancher by manipulating...
GHSA-J5HQ-5JCR-XWX7 github.com/rancher/steve's users can issue watch commands for arbitrary resources
Impact A vulnerability has been discovered in Steve API (Kubernetes API Translator) in which users can watch resources they are not allowed to access, when they have at least some generic permissions on the type. For example, a user who can get a single secret in a single namespace can get all...
RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Impact A vulnerability has been identified whereby RKE2 deployments in Windows nodes have weak Access Control Lists (ACL), allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation. The affected files include binaries, script...
GHSA-7H8M-PVW3-5GH4 Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Impact A vulnerability has been identified whereby Rancher Manager deployments containing Windows nodes have weak Access Control Lists (ACL), allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation. The affected files inclu...
Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Impact A vulnerability has been identified whereby Rancher Manager deployments containing Windows nodes have weak Access Control Lists (ACL), allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation. The affected files inclu...
GHSA-Q6C7-56CQ-G2WM Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Impact This issue is only relevant to clusters provisioned using RKE1 with secrets encryption configuration enabled. A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled (please see the RKE documentation). When...
GHSA-64JQ-M7RQ-768H Rancher's External RoleTemplates can lead to privilege escalation
Impact A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplate objects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...
GHSA-GVH9-XGRQ-R8HW Rancher's Steve API Component Improper authorization check allows privilege escalation
Impact A flaw discovered in Rancher versions from 2.5.0 up to and including 2.5.9 allows an authenticated user to impersonate any user on a cluster through the Steve API proxy, without requiring knowledge of the impersonated user's credentials. This is due to the Steve API proxy not dropping the...
Rancher API Server Cross-site Scripting Vulnerability
Impact A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identifi...
GHSA-833M-37F7-JQ55 Rancher API Server Cross-site Scripting Vulnerability
Impact A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identifi...