Base Score

HIGH8.9

CVE-2024-52281

A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects rancher: from 2.9.0 before 2.9.4.

VectorNETWORK

Published Bymeissner@suse.de

Published DateApr 16, 2025, 09:15

Affected Versions(1)

github.com/rancher/rancher(Go)

Introduced2.9.0

Fixed2.9.4

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/rancher/rancher(Go)	2.9.0	2.9.4	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

8.9

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

LOW

References

Base Score

HIGH8.9

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

8.9

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

LOW