CVE-2024-58260

HIGH
2025-10-02 [email protected] GHSA-q82v-h4rq-5c86
7.6
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

3
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 13, 2026 - 19:12 vuln.today
CVE Published
Oct 02, 2025 - 12:15 nvd
HIGH 7.6

Tags

Authentication Bypass Suse

Description

A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.

Analysis

A vulnerability has been identified within Rancher Manager where a missing server-side validation on the .username field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.

Technical Context

This vulnerability is classified as Incorrect Authorization (CWE-863).

Affected Products

Affected: Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts

Remediation

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Vendor Status

Share

CVE-2024-58260 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy