CVE-2025-23387

CWE-200 — Information Exposure5 documents4 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 55.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Rancher Github.com Rancher/rancher

Timeline

PublishedApr 11

Description

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5suse/rancher2.8.0 — 2.8.13+2

▶Gogithub.com/rancher/rancher2.8.0 — 2.8.13+2

🔴Vulnerability Details

CVEList

Rancher's SAML-based login via CLI can be denied by unauthenticated users↗2025-04-11

▶

OSV

Rancher's SAML-based login via CLI can be denied by unauthenticated users in github.com/rancher/rancher↗2025-03-03

▶

GHSA

Rancher's SAML-based login via CLI can be denied by unauthenticated users↗2025-02-27

▶

OSV

Rancher's SAML-based login via CLI can be denied by unauthenticated users↗2025-02-27

▶