CVE-2024-58259

Summary

A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).

Affected Software

VendorProductVersion RangeStatus
SUSErancher2.12.0 < 2.12.1affected
SUSErancher2.11.0 < 2.11.5affected
SUSErancher2.10.0 < 2.10.9affected
SUSErancher2.9.0 < 2.9.11affected
SUSErancher0 < 0.0.0-20250813072957-aee95d4e2a41affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References