VYPR

Rancher

by Rancher

Source repositories

CVEs (28)

  • CVE-2022-45157CriNov 13, 2024
    risk 0.59cvss 9.1epss 0.00

    A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being…

  • CVE-2023-22650HigOct 16, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which…

  • CVE-2024-58267HigOct 2, 2025
    risk 0.52cvss 8.0epss 0.00

    A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.

  • CVE-2024-22036CriApr 16, 2025
    risk 0.52cvss 9.1epss 0.01

    A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land…

  • CVE-2025-23391CriApr 11, 2025
    risk 0.52cvss 9.1epss 0.00

    A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4.

  • CVE-2024-22030HigOct 16, 2024
    risk 0.52cvss 8.0epss 0.00

    A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit…

  • CVE-2024-52281HigApr 16, 2025
    risk 0.51cvss 8.9epss 0.00

    A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects rancher: from 2.9.0 before 2.9.4.

  • CVE-2024-58260HigOct 2, 2025
    risk 0.49cvss 7.6epss 0.00

    A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.

  • CVE-2026-25705HigMay 13, 2026
    risk 0.48cvss 8.4epss 0.00

    A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin`…

  • CVE-2025-23389HigApr 11, 2025
    risk 0.48cvss 8.4epss 0.00

    A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

  • CVE-2024-58259HigSep 2, 2025
    risk 0.46cvss 8.2epss 0.00

    A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are…

  • CVE-2025-23388HigApr 11, 2025
    risk 0.46cvss 8.2epss 0.01

    A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

  • CVE-2023-32196MedOct 16, 2024
    risk 0.43cvss 6.6epss 0.00

    A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation.

  • CVE-2024-22032MedOct 16, 2024
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project…

  • CVE-2023-32194HigOct 16, 2024
    risk 0.40cvss 7.2epss 0.00

    A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or…

  • CVE-2024-22031higApr 25, 2025
    risk 0.39cvss epss 0.01

    ### Impact A vulnerability has been identified within Rancher where a user with the ability to create a project, on a certain cluster, can create a project with the same name as an existing project in a different cluster. This results in the user gaining access to the other…

  • CVE-2023-32197MedApr 16, 2025
    risk 0.36cvss 6.6epss 0.01

    A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.

  • CVE-2024-52282MedApr 11, 2025
    risk 0.33cvss 6.2epss 0.00

    A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps’ values. Additionally, the same information …

  • CVE-2025-54468MedOct 2, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g.…

  • CVE-2025-23387MedApr 11, 2025
    risk 0.27cvss 5.3epss 0.00

    A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from…

Page 1 of 2