CVE-2024-58260

Severity
7.6 HIGH
EPSS
0.0%
top 96.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 2
Latest update: Oct 23

Description

A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
Exploitability: 2.3 | Impact: 4.7

Affected Packages
2 packages

CVEListV5 | suse/rancher | 2.12.0 | 2.12.2 | +3
Go | github.com/rancher/rancher | 2.12.0 | 2.12.2 | +3

Vulnerability Details
4

OSV
Rancher update on users can deny the service to the admin in github.com/rancher/rancher (2025-10-23)
CVEList
Rancher update on users can deny the service to the admin (2025-10-02)
GHSA
Rancher update on users can deny the service to the admin (2025-09-26)
OSV
Rancher update on users can deny the service to the admin (2025-09-26)