Description

An Improper Neutralization of Input During Web Page Generation vulnerability in SUSE Rancher allows a malicious actor to perform a stored XSS attack through the cluster description field. This issue affects Rancher from 2.9.0 before 2.9.4.

PUBLISHED | Reserved 2024-11-06 | Published 2025-04-16 | Updated 2026-02-26 | Assigner suse




HIGH: 8.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status: unaffected

2.9.0 (semver) before 2.9.4: affected

Credits

This issue was identified and reported by Bhavin Makwana from Workday’s Cyber Defence Team (finder)

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52281

github.com/...ancher/security/advisories/GHSA-2v2w-8v8c-wcm9

cve.org (CVE-2024-52281)

nvd.nist.gov (CVE-2024-52281)
