Rancher Vulnerability: Narrow MITM Exploit via Domain Control
CVE-2024-22030

8HIGH

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 16 October 2024

What is CVE-2024-22030?

A vulnerability within Rancher has been identified, which could be exploited under specific conditions via a man-in-the-middle (MITM) attack. For this to take place, an attacker must either have control over a domain that has expired or carry out a DNS spoofing or hijacking attack against the Rancher URL. This potential security flaw requires stringent measures to safeguard against domain takeover and reinforce DNS security protocols to prevent exploitation. Organizations using Rancher must remain vigilant, ensuring they regularly monitor domain statuses and assess their DNS integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

rancher 2.7.0 < 2.7.15

rancher 2.8.0 < 2.8.8

rancher 2.9.0 < 2.9.2

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22030

https://github.com/rancher/rancher/security/advisories/GH...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 16, 2024
Vulnerability Reserved
Jan 4, 2024

Credit

Jarkko Vesiluoma from Redtest Security

JSON

Suse

What is CVE-2024-22030?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.