Suse
CVE-2024-58260
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability has been identified within Rancher Manager where a missing server-side validation on the .username field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.
Analysis
A vulnerability has been identified within Rancher Manager where a missing server-side validation on the .username field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.
Technical ContextAI
This vulnerability is classified as Incorrect Authorization (CWE-863).
Affected ProductsAI
Affected: Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts
RemediationAI
Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-q82v-h4rq-5c86