Sensitive Information Exposure in SUSE Rancher Software
CVE-2024-52280

7.7 HIGH

Key Information:

Vendor: SUSE
Status: Vendor
CVE Published: 11 April 2025

Summary

A vulnerability in SUSE Rancher allows users with limited permissions to access and observe resources they are not authorized to see. This exposure of sensitive information can lead to data leaks and security breaches, because users can view resources beyond their intended access rights. Affected versions include Rancher prior to 2175e09, before 6e30359, and before c744f0b, and the flaw opens pathways for unauthorized interactions within the system. Organizations using these versions must address this vulnerability promptly to safeguard sensitive data.

Affected Version(s)

rancher 0 < 2175e09

rancher 0 < 6e30359

rancher 0

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved