CVE-2024-22030
Published: 2024-10-16
Priority: P3 · 42 · Severity: high · CVSS 3.1 base score: 8
CVSS 3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.38% (29.5th percentile)
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.7.0 < 2.7.15 | 2.7.15 |
| github.com | rancher_rancher | >= 2.8.0 < 2.8.8 | 2.8.8 |
| github.com | rancher_rancher | >= 2.9.0 < 2.9.2 | 2.9.2 |
| suse | rancher | >= 2.7.0 < 2.7.15 | 2.7.15 |
| suse | rancher | >= 2.8.0 < 2.8.8 | 2.8.8 |
| suse | rancher | >= 2.9.0 < 2.9.2 | 2.9.2 |
OSV, 2024-10-09: CVE-2024-22030 Rancher agents can be hijacked by taking over the Rancher Server URL in github.com/rancher/rancher.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher from v2.7.0 before v2.7.15, from v2.8.0 before v2.8.8, from v2.9.0 before v2.9.2.
OSV, 2024-09-26: CVE-2024-22030 [HIGH] Rancher agents can be hijacked by taking over the Rancher Server URL
### Impact
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL.
SUSE is unaware of any successful exploitation of this vulnerability, which has a high complexity bar.
Please consult the associated [MITRE ATT&CK - Technique - Adversary-in-the-Middle](https://attack.mitre.org/techniques/T1557/) for further information about this attack category.
### Patches
A new setting, [`agent-tls-mode`](https://ranchermanager.docs.rancher.com
GHSA, 2024-09-26: CVE-2024-22030 [HIGH] CWE-295 Rancher agents can be hijacked by taking over the Rancher Server URL (same Impact and Patches text as the OSV entry above).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.