CVE-2024-22036
published 2025-04-16CVE-2024-22036: A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher…
PriorityP353critical9.1CVSS 3.1
AVNACLPRHUINSCCHIHAH
EPSS
0.68%
47.6th percentile
A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot
jail and gain root access to the Rancher container itself. In
production environments, further privilege escalation is possible based
on living off the land within the Rancher container itself. For the test
and development environments, based on a –privileged Docker container,
it is possible to escape the Docker container and gain execution access
on the host system.
This issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.7.0 < 2.7.16 | 2.7.16 |
| github.com | rancher_rancher | >= 2.8.0 < 2.8.9 | 2.8.9 |
| github.com | rancher_rancher | >= 2.9.0 < 2.9.3 | 2.9.3 |
| suse | rancher | >= 2.7.0 < 2.7.16 | 2.7.16 |
| suse | rancher | >= 2.8.0 < 2.8.9 | 2.8.9 |
| suse | rancher | >= 2.9.0 < 2.9.3 | 2.9.3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher
osv·2024-10-28
CVE-2024-22036 Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher
Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher
Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher from v2.7.0 before v2.7.16, from v2.8.0 before v2.8.9, from v2.9.0 before v2.9.3.
GHSA
Rancher Remote Code Execution via Cluster/Node Drivers
ghsa·2024-10-25
CVE-2024-22036 [CRITICAL] CWE-269 Rancher Remote Code Execution via Cluster/Node Drivers
Rancher Remote Code Execution via Cluster/Node Drivers
### Impact
A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the `chroot` jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher container itself. For the test and development environments, based on a –privileged Docker container, it is possible to escape the Docker container and gain execution access on the host system.
This happens because:
- During startup, Rancher appends the `/opt/drivers/management-state/bin` directory to the `PATH` environment variable.
- In Rancher, the binaries `/usr/bin/rancher-machine`, `/usr/bin/helm_v3`, and `/usr/bin/kustomize` are
OSV
Rancher Remote Code Execution via Cluster/Node Drivers
osv·2024-10-25
CVE-2024-22036 [CRITICAL] Rancher Remote Code Execution via Cluster/Node Drivers
Rancher Remote Code Execution via Cluster/Node Drivers
### Impact
A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the `chroot` jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher container itself. For the test and development environments, based on a –privileged Docker container, it is possible to escape the Docker container and gain execution access on the host system.
This happens because:
- During startup, Rancher appends the `/opt/drivers/management-state/bin` directory to the `PATH` environment variable.
- In Rancher, the binaries `/usr/bin/rancher-machine`, `/usr/bin/helm_v3`, and `/usr/bin/kustomize` are
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-16
Published