
Rancher — Vulnerabilities & Security Advisories (52)

All 52 CVE vulnerabilities found in Rancher, with AI-generated Chinese analysis, references, and POCs.

Vendor: SUSE

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-62879 | Rancher Backup Operator pod's logs leak S3 tokens | CWE-532 | 6.8 | Medium | 2026-03-04 |
| CVE-2025-62878 | Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern | CWE-23 | 9.9 | Critical | 2026-02-25 |
| CVE-2025-67601 | Rancher CLI skips TLS verification on Rancher CLI login command | CWE-295 | 8.3 | High | 2026-02-25 |
| CVE-2024-58269 | Rancher exposes sensitive information through audit logs | CWE-532 | 4.3 | Medium | 2025-10-29 |
| CVE-2023-32199 | Rancher user retains access to clusters despite Global Role removal | CWE-281 | 4.3 | Medium | 2025-10-29 |
| CVE-2024-58260 | Rancher update on users can deny the service to the admin | CWE-863 | 7.6 | High | 2025-10-02 |
| CVE-2024-58267 | Rancher CLI SAML authentication is vulnerable to phishing attacks | CWE-345 | 8.0 | High | 2025-10-02 |
| CVE-2025-54468 | Rancher sends sensitive information to external services through the `/meta/proxy` endpoint | CWE-200 | 4.7 | Medium | 2025-10-02 |
| CVE-2024-58259 | Rancher affected by unauthenticated Denial of Service | CWE-770 | 8.2 | High | 2025-09-02 |
| CVE-2024-52284 | Rancher Fleet Helm Values are stored inside BundleDeployment in plain text | CWE-312 | 7.7 | High | 2025-09-02 |
| CVE-2023-32197 | Rancher's External RoleTemplates can lead to privilege escalation | CWE-269 | 6.6 | Medium | 2025-04-16 |
| CVE-2024-22036 | Rancher Remote Code Execution via Cluster/Node Drivers | CWE-269 | 9.1 | Critical | 2025-04-16 |
| CVE-2024-52281 | Stored Cross-site Scripting vulnerability in Rancher UI | CWE-79 | 8.9 | High | 2025-04-16 |
| CVE-2024-52280 | Users can issue watch commands for arbitrary resources | CWE-200 | 7.7 | High | 2025-04-11 |
| CVE-2024-52282 | Rancher Helm Applications may have sensitive values leaked | CWE-200 | 6.2 | Medium | 2025-04-11 |
| CVE-2025-23387 | Rancher's SAML-based login via CLI can be denied by unauthenticated users | CWE-200 | 5.3 | Medium | 2025-04-11 |
| CVE-2025-23388 | Unauthenticated stack overflow in /v3-public/authproviders API | CWE-121 | 8.2 | High | 2025-04-11 |
| CVE-2025-23389 | Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login | CWE-284 | 8.4 | High | 2025-04-11 |
| CVE-2025-23391 | Rancher: Restricted Administrator can change Administrator's passwords | CWE-266 | 9.1 | Critical | 2025-04-11 |
| CVE-2022-45157 | Exposure of vSphere's CPI and CSI credentials in Rancher | CWE-522 | 9.1 | Critical | 2024-11-13 |
| CVE-2024-22032 | Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec | CWE-200 | 6.5 | Medium | 2024-10-16 |
| CVE-2024-22030 | Rancher agents can be hijacked by taking over the Rancher Server URL | CWE-295 | 8.0 | High | 2024-10-16 |
| CVE-2023-32196 | Rancher's External RoleTemplates can lead to privilege escalation | CWE-269 | 6.6 | Medium | 2024-10-16 |
| CVE-2023-32194 | Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' | CWE-269 | 7.2 | High | 2024-10-16 |
| CVE-2023-22650 | Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider | CWE-287 | 8.8 | High | 2024-10-16 |
| CVE-2023-22649 | Rancher 'Audit Log' leaks sensitive information | CWE-532 | 8.4 | High | 2024-10-16 |
| CVE-2022-43760 | Rancher Labs Rancher cross-site scripting vulnerability | CWE-79 | 8.4 | High | 2023-06-01 |
| CVE-2023-22647 | Rancher Labs Rancher security vulnerability | CWE-267 | 9.9 | Critical | 2023-06-01 |
| CVE-2023-22648 | Rancher Labs Rancher security vulnerability | CWE-271 | 8.0 | High | 2023-06-01 |
| CVE-2023-22651 | Rancher security vulnerability | CWE-269 | 9.9 | Critical | 2023-05-04 |

All 52 known CVE vulnerabilities affecting Rancher with full Chinese analysis, references, and POCs where available.