Denial of Access Vulnerability in Rancher Manager by SUSE
CVE-2024-58260

7.6 HIGH

Key Information:

Vendor: SUSE

Status
Vendor
CVE Published: 2 October 2025

What is CVE-2024-58260?

Rancher Manager performs insufficient server-side validation on the .username field. A user who holds update permissions on other User resources can exploit this flaw to deny access to specific targeted accounts. The issue shows why identity fields need robust server-side validation: without it, a privileged user can disrupt access for legitimate users.

Affected Version(s)

rancher 2.12.0 < 2.12.2

rancher 2.11.0 < 2.11.6

rancher 2.10.0 < 2.10.10

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
