CVE-2024-58267
Published 2025-10-02
Priority P3 · CVSS 3.1 base score 8 (high)
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.22% (12.1th percentile)
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.10.0 < 2.10.10 | 2.10.10 |
| github.com | rancher_rancher | >= 2.11.0 < 2.11.6 | 2.11.6 |
| github.com | rancher_rancher | >= 2.12.0 < 2.12.2 | 2.12.2 |
| github.com | rancher_rancher | >= 2.9.0 < 2.9.12 | 2.9.12 |
| suse | rancher | >= 2.10.0 < 2.10.10 | 2.10.10 |
| suse | rancher | >= 2.11.0 < 2.11.6 | 2.11.6 |
| suse | rancher | >= 2.12.0 < 2.12.2 | 2.12.2 |
| suse | rancher | >= 2.9.0 < 2.9.12 | 2.9.12 |
OSV · 2025-10-23
CVE-2024-58267: Rancher CLI SAML authentication is vulnerable to phishing attacks in github.com/rancher/rancher
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher from v2.9.0 before v2.9.12, from v2.10.0 before v2.10.10, from v2.11.0 before v2.11.6, from v2.12.0 before v2.12.2.
GHSA · 2025-09-26
CVE-2024-58267 [HIGH] CWE-345: Rancher CLI SAML authentication is vulnerable to phishing attacks
### Impact
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.
Rancher Manager deployments without SAML authentication enabled are not affected by this vulnerability.
An attacker can generate a phishing SAML login URL which contains a `publicKey` and `requestId` controlled by the attacker. The attacker can then give the link to another user (e.g. an admin) and if the victim goes to the link unsuspectingly, they might not notice the bad parameters in the URL. The user will be prompted to login and might believe th
OSV · 2025-09-26
CVE-2024-58267 [HIGH]: Rancher CLI SAML authentication is vulnerable to phishing attacks (same advisory text as the GHSA entry above)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-10-02