CVE-2024-58259

HIGH

Rancher 2.9.0-2.9.10, 2.10.0-2.10.8, 2.11.0-2.11.4, 2.12.0 - Denial of Service via Unrestricted Request Body Size

Title source: llm

Description

A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).

References (2)

Core 2

Core References

Issue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58259

Vendor Advisory

https://github.com/rancher/rancher/security/advisories/GHSA-4h45-jpvh-6p5j

Scores

CVSS v3 8.2

EPSS 0.0004

EPSS Percentile 14.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (6)

rancher/rancher 2.12.0 - 2.12.1Go

SUSE/rancher < 0.0.0-20250813072957-aee95d4e2a41

SUSE/rancher 2.10.0 - 2.10.9

SUSE/rancher 2.11.0 - 2.11.5

SUSE/rancher 2.12.0 - 2.12.1

SUSE/rancher 2.9.0 - 2.9.11

Published Sep 02, 2025

Tracked Since Feb 18, 2026