Description
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allows users to watch resources they are not allowed to access when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b.
References (2)
Core References
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52280
Scores
CVSS v3: 7.7
EPSS: 0.0021
EPSS Percentile: 42.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-200
Status: published
Products (4)
rancher/steve (Go): 0 - 0.0.0-20241029132712-2175e090fe4b
SUSE/rancher: < 2175e09
SUSE/rancher: < 6e30359
SUSE/rancher: < c744f0b
Published: Apr 11, 2025
Tracked Since: Feb 18, 2026