Home

Description

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b.

PUBLISHED Reserved 2024-11-06 | Published 2025-04-11 | Updated 2025-04-11 | Assigner suse




HIGH: 7.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
unaffected

Any version before 2175e09
affected

Any version before 6e30359
affected

Any version before c744f0b
affected

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52280

github.com/.../steve/security/advisories/GHSA-j5hq-5jcr-xwx7

cve.org (CVE-2024-52280)

nvd.nist.gov (CVE-2024-52280)

Download JSON