Description

A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.

Status: PUBLISHED | Reserved 2025-09-04 | Published 2025-10-02 | Updated 2025-10-03 | Assigner: suse

Severity: HIGH 8.0 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)

Problem types

CWE-345: Insufficient Verification of Data Authenticity

Product status

Default status: unaffected

2.12.0 (semver) before 2.12.2: affected

2.11.0 (semver) before 2.11.6: affected

2.10.0 (semver) before 2.10.10: affected

2.9.0 (semver) before 2.9.12: affected

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58267

github.com/...ancher/security/advisories/GHSA-v3vj-5868-2ch2

cve.org (CVE-2024-58267)

nvd.nist.gov (CVE-2024-58267)