Exposure of Sensitive Information in SUSE Rancher
CVE-2025-23387

5.3MEDIUM

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 11 April 2025

Summary

A vulnerability in SUSE Rancher allows unauthenticated users to exploit weaknesses in the system by listing all CLI authentication tokens. This flaw enables attackers to delete tokens before they can be accessed securely, creating a risk of unauthorized actions without proper authentication. The vulnerability affects multiple versions of Rancher, necessitating prompt action for users relying on this platform.

Affected Version(s)

rancher 2.8.0 < 2.8.13

rancher 2.9.0 < 2.9.7

rancher 2.10.0 < 2.10.3

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23387

https://github.com/rancher/rancher/security/advisories/GH...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Jan 15, 2025