
9 matches found

OSV
added 2025/04/25 3:12 p.m. | 5 views

GHSA-95FC-G4GJ-MQMX Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks

Impact: A vulnerability has been identified in Steve where, by default, it used an insecure option that did not validate the certificate presented by the remote server when establishing a TLS connection. This could allow a man-in-the-middle (MitM) attack against services using...

8 CVSS | 6.4 AI score | 0.00296 EPSS
Exploits 0 | References 3
Vulnrichment
added 2025/04/16 8:31 a.m. | 9 views

CVE-2024-52281 Stored Cross-site Scripting vulnerability in Rancher UI

An Improper Neutralization of Input During Web Page Generation vulnerability in SUSE Rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects Rancher: from 2.9.0 before 2.9.4...

8.9 CVSS | 8.4 AI score | 0.00476 EPSS
Exploits 0 | References 2
CVE
added 2025/04/16 8:31 a.m. | 61 views

CVE-2024-52281

CVE-2024-52281 is a Stored XSS vulnerability in Rancher UI caused by improper neutralization of cluster description input during web page generation. It affects Rancher versions from 2.9.0 up to, but not including, 2.9.4. Successful exploitation could allow a malicious actor to inject and store malicio...

8.9 CVSS | 8.3 AI score | 0.00476 EPSS
Exploits 0 | References 2
Cvelist
added 2025/04/16 8:31 a.m. | 24 views

CVE-2024-52281 Stored Cross-site Scripting vulnerability in Rancher UI

An Improper Neutralization of Input During Web Page Generation vulnerability in SUSE Rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects Rancher: from 2.9.0 before 2.9.4...

8.9 CVSS | 0.00476 EPSS
Exploits 0 | References 2
OSV
added 2025/01/15 3:20 p.m. | 9 views

GO-2025-3391 Rancher UI has Stored Cross-site Scripting vulnerability in github.com/rancher/rancher

Rancher UI has Stored Cross-site Scripting vulnerability in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

8.9 CVSS | 8.3 AI score | 0.00476 EPSS
Exploits 0 | References 1
Github Security Blog
added 2025/01/14 10:3 p.m. | 10 views

Rancher UI has Stored Cross-site Scripting vulnerability

Impact: A vulnerability has been identified within Rancher UI that allows a malicious actor to perform a Stored XSS attack through the cluster description field. Please consult the associated MITRE ATT&CK - Technique - Drive-by Compromise for further information about this category of attack...

8.9 CVSS | 8.4 AI score | 0.00476 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2025/01/14 10:3 p.m. | 9 views

GHSA-2V2W-8V8C-WCM9 Rancher UI has Stored Cross-site Scripting vulnerability

Impact: A vulnerability has been identified within Rancher UI that allows a malicious actor to perform a Stored XSS attack through the cluster description field. Please consult the associated MITRE ATT&CK - Technique - Drive-by Compromise for further information about this category of attack...

8.9 CVSS | 8.4 AI score | 0.00476 EPSS
Exploits 0 | References 4
OSV
added 2023/06/01 1:15 p.m. | 32 views

CVE-2023-22648

An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in to the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example...

8.8 CVSS | 8.5 AI score | 0.00454 EPSS
Exploits 0 | References 2
NVD
added 2023/06/01 1:15 p.m. | 28 views

CVE-2023-22648

An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in to the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example...

8.8 CVSS | 8.1 AI score | 0.00454 EPSS
Exploits 0 | References 2