High severity 8.0 · GHSA Advisory · Published Oct 2, 2025 · Updated Apr 15, 2026
CVE-2024-58267
Description
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/rancher/rancher (Go) | >= 2.12.0, < 2.12.2 | 2.12.2 |
| github.com/rancher/rancher (Go) | >= 2.11.0, < 2.11.6 | 2.11.6 |
| github.com/rancher/rancher (Go) | >= 2.10.0, < 2.10.10 | 2.10.10 |
| github.com/rancher/rancher (Go) | >= 2.9.0, < 2.9.12 | 2.9.12 |
Affected products
5 entries:
- ghsa-coords (4 versions), range: >= 2.12.0, < 2.12.2 (+ 3 more)
  - pkg:golang/github.com/rancher/rancher
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
- (no CPE), range: >= 2.12.0, < 2.12.2
- (no CPE), range: < 0.0.20251023T162509-150000.1.110.1
- (no CPE), range: < 0.0.20251023T162509-1.1
- (no CPE), range: < 0.0.20251023T162509-150000.1.110.1