Skip to main content

Suse CVE-2024-58267

HIGH
Insufficient Verification of Data Authenticity (CWE-345)
2025-10-02 meissner@suse.de GHSA-v3vj-5868-2ch2
High
Disputed · 8.0 NVD
Share

Severity by source

Sources disagree (Low–High)
NVD PRIMARY
8.0 HIGH
AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
SUSE
3.1 LOW
AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 13, 2026 - 19:12 vuln.today
CVE Published
Oct 02, 2025 - 12:15 nvd
HIGH 8.0

DescriptionCVE.org

A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.

Analysis

A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.

Technical ContextAI

This vulnerability is classified as Insufficient Verification of Data Authenticity (CWE-345).

Affected ProductsAI

Affected: Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Vendor StatusVendor

SUSE

Severity: Low
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2024-58267 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy