Go modules package
github.com/rancher/steve
pkg:golang/github.com/rancher/steve
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-32198 | hig | — | >= 0.2.0, < 0.2.1 | 0.2.1 | Apr 25, 2025 | ### Impact A vulnerability has been identified in Steve where by default it was using an insecure option that did not validate the certificate presented by the remote server while performing a TLS connection. This could allow the execution of a man-in-the-middle (MitM) attack aga | |
| CVE-2024-52280 | Hig | 7.7 | < 0.0.0-20241029132712-2175e090fe4b | 0.0.0-20241029132712-2175e090fe4b | Apr 11, 2025 | A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30 |
- affected >= 0.2.0, < 0.2.1fixed 0.2.1
### Impact A vulnerability has been identified in Steve where by default it was using an insecure option that did not validate the certificate presented by the remote server while performing a TLS connection. This could allow the execution of a man-in-the-middle (MitM) attack aga
- affected < 0.0.0-20241029132712-2175e090fe4bfixed 0.0.0-20241029132712-2175e090fe4b
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30