CVE-2024-52282

MEDIUM

SUSE Rancher <2.8.10-2.9.4 - Info Disclosure

Title source: llm

Description

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps’ values. Additionally, the same information leaks into auditing logs when the audit level is set to equal or above 2. This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.

References (2)

Core 2

Core References

Issue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52282

Vendor Advisory

https://github.com/rancher/rancher/security/advisories/GHSA-9c5p-35gj-jqp4

Scores

CVSS v3 6.2

EPSS 0.0013

EPSS Percentile 31.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (3)

rancher/rancher 2.8.0 - 2.8.10Go

SUSE/rancher 2.8.0 - 2.8.10

SUSE/rancher 2.9.0 - 2.9.4

Published Apr 11, 2025

Tracked Since Feb 18, 2026