High severity (7.6) · GHSA Advisory · Published Oct 2, 2025 · Updated Apr 15, 2026
CVE-2024-58260
Description
A vulnerability has been identified in Rancher Manager: missing server-side validation of the `.username` field can allow users with update permissions on other User resources to cause denial of access for targeted accounts.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/rancher/rancher (Go) | >= 2.12.0, < 2.12.2 | 2.12.2 |
| github.com/rancher/rancher (Go) | >= 2.11.0, < 2.11.6 | 2.11.6 |
| github.com/rancher/rancher (Go) | >= 2.10.0, < 2.10.10 | 2.10.10 |
| github.com/rancher/rancher (Go) | >= 2.9.0, < 2.9.12 | 2.9.12 |
Affected products
- ghsa-coords (4 versions: >= 2.12.0, < 2.12.2 and 3 more)
  - pkg:golang/github.com/rancher/rancher
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
- (no CPE) range: >= 2.12.0, < 2.12.2
- (no CPE) range: < 0.0.20251023T162509-150000.1.110.1
- (no CPE) range: < 0.0.20251023T162509-1.1
- (no CPE) range: < 0.0.20251023T162509-150000.1.110.1