CVE-2024-58267

CWE-3455 documents4 sources
Severity
8.0HIGH
EPSS
0.0%
top 99.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse RancherGithub.com Rancher/rancher
Timeline
PublishedOct 2
Latest updateOct 23

Description

A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.3 | Impact: 6.0

Affected Packages2 packages

CVEListV5suse/rancher2.12.02.12.2+3
Gogithub.com/rancher/rancher2.12.02.12.2+3

🔴Vulnerability Details

4
OSV
Rancher CLI SAML authentication is vulnerable to phishing attacks in github.com/rancher/rancher2025-10-23
CVEList
Rancher CLI SAML authentication is vulnerable to phishing attacks2025-10-02
GHSA
Rancher CLI SAML authentication is vulnerable to phishing attacks2025-09-26
OSV
Rancher CLI SAML authentication is vulnerable to phishing attacks2025-09-26
CVE-2024-58267 (HIGH CVSS 8) | A vulnerability has been identified | cvebase.io