Base Score

HIGH8.2

CVE-2024-58259

A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).

VectorNETWORK

Published Bymeissner@suse.de

Published DateSep 02, 2025, 12:15

Affected Versions(5)

github.com/rancher/rancher(Go)

Introduced2.12.0

Fixed2.12.1

LimitN/A

github.com/rancher/rancher(Go)

Introduced2.11.0

Fixed2.11.5

LimitN/A

github.com/rancher/rancher(Go)

Introduced2.10.0

Fixed2.10.9

LimitN/A

github.com/rancher/rancher(Go)

Introduced2.9.0

Fixed2.9.11

LimitN/A

github.com/rancher/rancher(Go)

Introduced0

Fixed0.0.0-20250813072957-aee95d4e2a41

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/rancher/rancher(Go)	2.12.0	2.12.1	N/A
github.com/rancher/rancher(Go)	2.11.0	2.11.5	N/A
github.com/rancher/rancher(Go)	2.10.0	2.10.9	N/A
github.com/rancher/rancher(Go)	2.9.0	2.9.11	N/A
github.com/rancher/rancher(Go)	0	0.0.0-20250813072957-aee95d4e2a41	N/A

Weakness Type (CWE):CWE-770

CVSS Metrics

Base Score

8.2

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

HIGH

References

Base Score

HIGH8.2

Weakness Type (CWE):CWE-770

CVSS Metrics

Base Score

8.2

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

HIGH