CVE-2025-23387
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | rancher | 2.8.0 < 2.8.13 | affected |
| SUSE | rancher | 2.9.0 < 2.9.7 | affected |
| SUSE | rancher | 2.10.0 < 2.10.3 | affected |
Weaknesses
- CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23387
- https://github.com/rancher/rancher/security/advisories/GHSA-5qmp-9x47-92q8
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.