Base Score

HIGH8

CVE-2024-22030

A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL.

VectorNETWORK

Published Bymeissner@suse.de

Published DateOct 16, 2024, 14:15

Affected Versions(3)

github.com/rancher/rancher(Go)

Introduced2.7.0

Fixed2.7.15

LimitN/A

github.com/rancher/rancher(Go)

Introduced2.8.0

Fixed2.8.8

LimitN/A

github.com/rancher/rancher(Go)

Introduced2.9.0

Fixed2.9.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/rancher/rancher(Go)	2.7.0	2.7.15	N/A
github.com/rancher/rancher(Go)	2.8.0	2.8.8	N/A
github.com/rancher/rancher(Go)	2.9.0	2.9.2	N/A

Weakness Type (CWE):CWE-295

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

HIGH8

Weakness Type (CWE):CWE-295

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH