CVE-2024-58269

MEDIUM

Rancher - Log Information Exposure

Title source: rule

Description

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.

References (2)

[Issue Tracking] https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58269

[Vendor Advisory] https://github.com/rancher/rancher/security/advisories/GHSA-mw39-9qc2-f7mg

Scores

CVSS v3 4.3

EPSS 0.0001

EPSS Percentile 1.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (2)

rancher/rancher 0 - 0.0.0-20251013203444-50dc516a19eaGo

SUSE/rancher < 0.0.0-20251013203444-50dc516a19ea

Published Oct 29, 2025

Tracked Since Feb 18, 2026