Denial of Access Vulnerability in Rancher Manager by SUSE
CVE-2024-58260

7.6HIGH

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 2 October 2025

What is CVE-2024-58260?

A vulnerability in Rancher Manager has been discovered, resulting from insufficient server-side validation on the .username field. This flaw could allow users possessing update permissions on other User resources to deny access to specific targeted accounts. This highlights the importance of robust validation measures to safeguard against potential exploits that could disrupt access for legitimate users.

Affected Version(s)

rancher 2.12.0 < 2.12.2

rancher 2.11.0 < 2.11.6

rancher 2.10.0 < 2.10.10

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58260

https://github.com/rancher/rancher/security/advisories/GH...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2025
Vulnerability Reserved
Jul 23, 2025

JSON

Suse

What is CVE-2024-58260?

Affected Version(s)

References

CVSS V3.1

Timeline