VYPR

Vendor CVEs

Rancher

All CVEs

42 total · sorted by risk
  • CVE-2022-45157CriNov 13, 2024
    risk 0.59cvss 9.1epss 0.00

    A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being…

  • CVE-2026-41050CriMay 13, 2026
    risk 0.57cvss 9.9epss 0.00

    Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.

  • CVE-2023-32191CriOct 16, 2024
    risk 0.57cvss 9.9epss 0.01

    When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin.

  • CVE-2023-22650HigOct 16, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which…

  • CVE-2024-58267HigOct 2, 2025
    risk 0.52cvss 8.0epss 0.00

    A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.

  • CVE-2024-22036CriApr 16, 2025
    risk 0.52cvss 9.1epss 0.01

    A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land…

  • CVE-2025-23391CriApr 11, 2025
    risk 0.52cvss 9.1epss 0.00

    A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4.

  • CVE-2024-22030HigOct 16, 2024
    risk 0.52cvss 8.0epss 0.00

    A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit…

  • CVE-2024-52281HigApr 16, 2025
    risk 0.51cvss 8.9epss 0.00

    A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects rancher: from 2.9.0 before 2.9.4.

  • CVE-2026-44543HigMay 28, 2026
    risk 0.50cvss 8.7epss 0.00

    Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used…

  • CVE-2024-58260HigOct 2, 2025
    risk 0.49cvss 7.6epss 0.00

    A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.

  • CVE-2026-25705HigMay 13, 2026
    risk 0.48cvss 8.4epss 0.00

    A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin`…

  • CVE-2025-23389HigApr 11, 2025
    risk 0.48cvss 8.4epss 0.00

    A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

  • CVE-2023-32193HigOct 16, 2024
    risk 0.47cvss 8.3epss 0.00

    A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely.

  • CVE-2023-32192HigOct 16, 2024
    risk 0.47cvss 8.3epss 0.00

    A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser

  • CVE-2024-58259HigSep 2, 2025
    risk 0.46cvss 8.2epss 0.00

    A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are…

  • CVE-2025-23388HigApr 11, 2025
    risk 0.46cvss 8.2epss 0.01

    A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

  • CVE-2023-32198higApr 25, 2025
    risk 0.45cvss epss 0.00

    ### Impact A vulnerability has been identified in Steve where by default it was using an insecure option that did not validate the certificate presented by the remote server while performing a TLS connection. This could allow the execution of a man-in-the-middle (MitM) attack…

  • CVE-2024-52284HigSep 2, 2025
    risk 0.43cvss 7.7epss 0.00

    Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.

  • CVE-2024-52280HigApr 11, 2025
    risk 0.43cvss 7.7epss 0.00

    A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before…

  • CVE-2023-32196MedOct 16, 2024
    risk 0.43cvss 6.6epss 0.00

    A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation.

  • CVE-2024-22032MedOct 16, 2024
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project…

  • CVE-2023-32194HigOct 16, 2024
    risk 0.40cvss 7.2epss 0.00

    A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or…

  • CVE-2024-22031higApr 25, 2025
    risk 0.39cvss epss 0.01

    ### Impact A vulnerability has been identified within Rancher where a user with the ability to create a project, on a certain cluster, can create a project with the same name as an existing project in a different cluster. This results in the user gaining access to the other…

  • CVE-2023-32197MedApr 16, 2025
    risk 0.36cvss 6.6epss 0.01

    A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.

  • CVE-2024-52282MedApr 11, 2025
    risk 0.33cvss 6.2epss 0.00

    A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps’ values. Additionally, the same information …

  • CVE-2025-54468MedOct 2, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g.…

  • CVE-2025-23387MedApr 11, 2025
    risk 0.27cvss 5.3epss 0.00

    A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from…

  • CVE-2024-58269MedOct 29, 2025
    risk 0.21cvss 4.3epss 0.00

    A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.

  • CVE-2023-32199MedOct 29, 2025
    risk 0.21cvss 4.3epss 0.00

    A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule…

  • CVE-2025-23390medApr 25, 2025
    risk 0.19cvss epss 0.00

    ### Impact A vulnerability has been identified within Fleet where, by default, Fleet will automatically trust a remote server’s certificate when connecting through SSH if the certificate isn’t set in the `known_hosts` file. This could allow the execution of a…

  • CVE-2026-44939Jun 19, 2026
    risk 0.00cvss epss 0.01

    A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers.

  • CVE-2024-44843Apr 15, 2025
    risk 0.00cvss epss 0.00

    An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests.

  • CVE-2024-21550Aug 12, 2024
    risk 0.00cvss epss 0.00

    SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to…

  • CVE-2024-25407Feb 13, 2024
    risk 0.00cvss epss 0.01

    SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions.

  • CVE-2020-10676Dec 12, 2023
    risk 0.00cvss epss 0.01

    In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.

  • CVE-2021-31999Jul 15, 2021
    risk 0.00cvss epss 0.01

    A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher…

  • CVE-2021-25320Jul 15, 2021
    risk 0.00cvss epss 0.01

    A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher…

  • CVE-2021-25318Jul 15, 2021
    risk 0.00cvss epss 0.01

    A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9 ; Rancher versions prior to 2.4.16.

  • CVE-2019-1020009Jul 29, 2019
    risk 0.00cvss epss 0.01

    Fleet before 2.1.2 allows exposure of SMTP credentials.

  • CVE-2019-6287Apr 10, 2019
    risk 0.00cvss epss 0.01

    In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.

  • CVE-2018-20321Apr 10, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated…