CVE-2024-58260

Summary

A vulnerability has been identified within Rancher Manager where a missing server-side validation on the .username field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.

Affected Software

VendorProductVersion RangeStatus
SUSErancher2.12.0 < 2.12.2affected
SUSErancher2.11.0 < 2.11.6affected
SUSErancher2.10.0 < 2.10.10affected
SUSErancher2.9.0 < 2.9.12affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References