Information Disclosure Vulnerability in Rancher Manager by SUSE
CVE-2025-54468
4.7MEDIUM
What is CVE-2025-54468?
A vulnerability has been detected in Rancher Manager that allows the revelation of sensitive data through Impersonate-Extra-*
headers. These headers can be unintentionally transmitted to external entities, such as amazonaws.com
, via the /meta/proxy
endpoint. As a result, identifiable information, including email addresses, may become exposed, posing a significant risk to user privacy and data security.
Affected Version(s)
rancher 2.12.0 < 2.12.2
rancher 2.11.0 < 2.11.6
rancher 2.10.0 < 2.10.10