9 matches found
GHSA-95FC-G4GJ-MQMX Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks
Impact: A vulnerability has been identified in Steve where, by default, it used an insecure option that did not validate the certificate presented by the remote server when establishing a TLS connection. This could allow the execution of a man-in-the-middle (MitM) attack against services using...
CVE-2024-52281 Stored Cross-site Scripting vulnerability in Rancher UI
An Improper Neutralization of Input During Web Page Generation vulnerability in SUSE Rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects Rancher: from 2.9.0 before 2.9.4...
CVE-2024-52281
CVE-2024-52281 is a Stored XSS vulnerability in Rancher UI caused by improper neutralization of cluster description input during web page generation. It affects Rancher versions from 2.9.0 up to, but not including, 2.9.4. Successful exploitation could allow a malicious actor to inject and store malicio...
CVE-2024-52281 Stored Cross-site Scripting vulnerability in Rancher UI
An Improper Neutralization of Input During Web Page Generation vulnerability in SUSE Rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects Rancher: from 2.9.0 before 2.9.4...
GO-2025-3391 Rancher UI has Stored Cross-site Scripting vulnerability in github.com/rancher/rancher
Rancher UI has Stored Cross-site Scripting vulnerability in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
Rancher UI has Stored Cross-site Scripting vulnerability
Impact: A vulnerability has been identified within Rancher UI that allows a malicious actor to perform a Stored XSS attack through the cluster description field. Please consult the associated MITRE ATT&CK - Technique - Drive-by Compromise for further information about this category of attack...
GHSA-2V2W-8V8C-WCM9 Rancher UI has Stored Cross-site Scripting vulnerability
Impact: A vulnerability has been identified within Rancher UI that allows a malicious actor to perform a Stored XSS attack through the cluster description field. Please consult the associated MITRE ATT&CK - Technique - Drive-by Compromise for further information about this category of attack...
CVE-2023-22648
An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected for users while they are logged in to the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example...
CVE-2023-22648
An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected for users while they are logged in to the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example...