CVE-2023-32198 — Improper Certificate Validation in Rancher Steve

CWE-295 — Improper Certificate Validation3 documents2 sources

Severity

—N/A

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Rancher Steve

Timeline

PublishedMay 5

Description

Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks in github.com/rancher/stev Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks in github.com/rancher/stev. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the …

Affected Packages1 packages

▶Gogithub.com/rancher_steve0.2.0 — 0.2.1+3

🔴Vulnerability Details

OSV

Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks in github.com/rancher/stev↗2025-05-05

▶

OSV

Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks↗2025-04-25

▶

GHSA

Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks↗2025-04-25

▶