GitHub.com Rancher Steve vulnerabilities
2 known vulnerabilities affecting github.com/rancher_steve.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 2
Vulnerabilities
CVE-2023-32198 | HIGH | ≥ 0.2.0, < 0.2.1; ≥ 0.3.0, < 0.3.3; +2 more | 2025-04-25
CVE-2023-32198 [HIGH] CWE-295 Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks
### Impact
A vulnerability has been identified in Steve where by default it was using an insecure option that did not validate the certificate presented by the remote server while performing a TLS connection. This could allow the execution of a man-in-the-middle (MitM) a
ghsa, osv
CVE-2024-52280 | HIGH | ≥ 0, < 0.0.0-20241029132712-2175e090fe4b | 2024-11-20
CVE-2024-52280 [HIGH] CWE-200 github.com/rancher/steve's users can issue watch commands for arbitrary resources
### Impact
A vulnerability has been discovered in Steve API (Kubernetes API Translator) in which users can watch resources they are not allowed to access, when they have at least some generic permissions on the type. For example, a user who can get a single secret in a single namespace can get all secret
ghsa, osv