Suse

Rancher

66 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.32%
  • Veröffentlicht 29.06.2026 16:16:39
  • Zuletzt bearbeitet 02.07.2026 19:48:21

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

  • EPSS 1.28%
  • Veröffentlicht 19.06.2026 12:13:39
  • Zuletzt bearbeitet 24.06.2026 05:17:28

A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious ...

  • EPSS 0.38%
  • Veröffentlicht 13.05.2026 08:04:57
  • Zuletzt bearbeitet 13.05.2026 15:35:35

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo...

  • EPSS 0.37%
  • Veröffentlicht 13.05.2026 08:00:46
  • Zuletzt bearbeitet 13.05.2026 15:35:35

A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` fie...

  • EPSS 0.34%
  • Veröffentlicht 04.03.2026 15:08:11
  • Zuletzt bearbeitet 05.03.2026 17:57:32

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.

  • EPSS 0.58%
  • Veröffentlicht 25.02.2026 10:49:29
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.

  • EPSS 0.15%
  • Veröffentlicht 25.02.2026 10:36:57
  • Zuletzt bearbeitet 03.03.2026 16:26:32

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA cer...

  • EPSS 0.27%
  • Veröffentlicht 29.10.2025 14:58:06
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.

  • EPSS 0.21%
  • Veröffentlicht 29.10.2025 14:54:04
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles th...

  • EPSS 0.22%
  • Veröffentlicht 02.10.2025 12:15:28
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s auth...