High severity 7.7 · GHSA Advisory · Published Apr 11, 2025 · Updated Jun 17, 2026
CVE-2024-52280
Description
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allows users to watch resources they are not allowed to access when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/rancher/steve (Go) | < 0.0.0-20241029132712-2175e090fe4b | 0.0.0-20241029132712-2175e090fe4b |
Affected products
- osv-coords (6 versions), range: < 2.8.10-r0 + 5 more
  - pkg:apk/chainguard/rancher-agent-2.8
  - pkg:apk/chainguard/rancher-agent-2.9
  - pkg:apk/wolfi/rancher-agent-2.8
  - pkg:apk/wolfi/rancher-agent-2.9
  - pkg:golang/github.com/rancher/steve
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 2.8.10-r0
- (no CPE) range: < 2.9.4-r0
- (no CPE) range: < 2.8.10-r0
- (no CPE) range: < 2.9.4-r0
- (no CPE) range: < 0.0.0-20241029132712-2175e090fe4b
- (no CPE) range: < 0.0.20241121T195252-1.1
References
- github.com/advisories/GHSA-j5hq-5jcr-xwx7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-52280 (ghsa, ADVISORY)
- bugzilla.suse.com/show_bug.cgi (nvd, WEB)
- github.com/rancher/steve/commit/2175e090fe4b1e603a54e1cdc5148a2b1c11b4d9 (ghsa, WEB)
- github.com/rancher/steve/security/advisories/GHSA-j5hq-5jcr-xwx7 (nvd, WEB)
- pkg.go.dev/vuln/GO-2024-3281 (ghsa, WEB)