8.3

CVE-2025-67601

Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SuseRancher Version >= 2.10.0 < 2.10.11
SuseRancher Version >= 2.11.0 < 2.11.10
SuseRancher Version >= 2.12.0 < 2.12.6
SuseRancher Version >= 2.13.0 < 2.13.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.013
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.8 2.2 2.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
meissner@suse.de 8.3 1.6 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.