CVE-2024-22030

HIGH

Rancher 2.7.0-2.9.2 URL Certificate Validation - Man-in-the-Middle

Title source: manual

Description

A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL.

References (2)

Core 2

Core References

Issue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22030

Vendor Advisory

https://github.com/rancher/rancher/security/advisories/GHSA-h4h5-9833-v2p4

Scores

CVSS v3 8.0

EPSS 0.0009

EPSS Percentile 25.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-295

Status published

Products (4)

rancher/rancher 2.7.0 - 2.7.15Go

SUSE/rancher 2.7.0 - 2.7.15

SUSE/rancher 2.8.0 - 2.8.8

SUSE/rancher 2.9.0 - 2.9.2

Published Oct 16, 2024

Tracked Since Feb 18, 2026