Suse
CVE-2024-58267
HIGH
Severity by source
Sources disagree (Low–High)AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.
Analysis
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens.
Technical ContextAI
This vulnerability is classified as Insufficient Verification of Data Authenticity (CWE-345).
Affected ProductsAI
Affected: Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks
RemediationAI
Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.
Same technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Low| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-v3vj-5868-2ch2