VYPR
Critical severity9.1OSV Advisory· Published Apr 16, 2025· Updated Apr 15, 2026

CVE-2024-22036

CVE-2024-22036

Description

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher container itself. For the test and development environments, based on a –privileged Docker container, it is possible to escape the Docker container and gain execution access on the host system.

This issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/rancher/rancherGo
>= 2.7.0, < 2.7.162.7.16
github.com/rancher/rancherGo
>= 2.8.0, < 2.8.92.8.9
github.com/rancher/rancherGo
>= 2.9.0, < 2.9.32.9.3

Affected products

8

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.