Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Authenticated network path traversal causing availability-only impact; PR:L required because exploitation demands valid Fleet API credentials.
Primary rating from Vendor (suse).
Description (CVE.org)
A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3. It could be used to traverse outside of the intended directory, causing a denial of service.
Analysis (AI-generated)
Path traversal in Rancher Fleet's ImageScan subsystem (CWE-23) allows authenticated remote attackers to escape intended directory boundaries and trigger denial of service across four active release branches (0.12.x through 0.15.x). The flaw appears to have been introduced in the 0.12.0 series and persisted undetected through at least sixteen subsequent patch releases, indicating the ImageScan component lacked adequate path sanitization for an extended period. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment (AI-generated; truncated on the page) |
|---|---|
| Exploitation | Exploitation requires authenticated network access with at least low privileges (CVSS 4.0 PR:L): the attacker must hold a valid Fleet API credential, service account token, or equivalent authenticated session. Unauthenticated attackers cannot exploit this flaw. … |
| Risk Assessment | The CVSS 4.0 score of 5.3 (Medium) reflects a network-accessible (AV:N), low-complexity (AC:L), low-privilege (PR:L) flaw whose impact is confined to limited availability degradation (VA:L) of the vulnerable system; no confidentiality or integrity impact is indicated. … |
| Exploit Scenario | (Hypothetical.) An attacker holding a low-privilege Fleet API credential sends the ImageScan subsystem a request containing path traversal sequences (e.g., '../../') in an image reference or scan target field. The unvalidated path causes the ImageScan process to attempt filesystem operations outside its intended working directory, and the resulting crash or hang disrupts image scanning and degrades Fleet's availability. … |
| Remediation | Consult the Rancher Fleet security advisory at https://github.com/rancher/fleet/security/advisories/GHSA-c45g-6c2c-rj3p for the exact patched release versions; specific fix version numbers are not independently confirmed from the available data and should not be assumed. … |
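The analysis and the exploit scenario above describe the weakness only at the level of "../" sequences escaping the scan directory; the page does not say how Fleet's ImageScan builds its paths or which filesystem operation then fails. The Go program below is an added example, not Fleet's code or the advisory's fix, showing the join pattern that produces CWE-23 next to a confinement check that rejects it. The function names naiveScanPath and safeScanPath, the base directory /var/lib/fleet/scan and the reference strings are assumptions chosen for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrPathEscape is returned when a caller-supplied reference would resolve
// outside the scan directory. (Hypothetical name, not a Fleet API.)
var ErrPathEscape = errors.New("reference escapes scan directory")

// naiveScanPath is the pattern behind CWE-23: filepath.Join cleans the
// result, so a ref of "../../x" silently resolves to a path above base
// instead of failing. Deliberately vulnerable.
func naiveScanPath(base, ref string) string {
	return filepath.Join(base, ref)
}

// safeScanPath confines ref under base lexically. It rejects absolute refs,
// joins and cleans the path, then computes the path from base back to the
// result; anything that begins with ".." left the directory.
func safeScanPath(base, ref string) (string, error) {
	if filepath.IsAbs(ref) {
		return "", ErrPathEscape
	}
	base = filepath.Clean(base)
	joined := filepath.Join(base, ref) // Join applies Clean, collapsing ".." segments
	rel, err := filepath.Rel(base, joined)
	if err != nil {
		return "", ErrPathEscape
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrPathEscape
	}
	return joined, nil
}

func main() {
	// Constructed inputs: one legitimate reference, one that stays inside the
	// directory despite containing "..", and two that try to leave it.
	base := "/var/lib/fleet/scan"
	refs := []string{
		"images/nginx/manifest.json",
		"images/../images/busybox",
		"../../../../etc/passwd",
		"/etc/passwd",
	}
	for _, ref := range refs {
		fmt.Printf("ref %-26q naive=%s", ref, naiveScanPath(base, ref))
		if p, err := safeScanPath(base, ref); err != nil {
			fmt.Printf("  safe=REJECTED (%v)\n", err)
		} else {
			fmt.Printf("  safe=%s\n", p)
		}
	}
}
```

The check is purely lexical: it stops "../" and absolute references but not a symlink inside the scan directory that points elsewhere, so where untrusted content can create symlinks the path should additionally be resolved (filepath.EvalSymlinks, or os.Root in Go 1.24 and later) before the Rel test. Failing closed with an error, rather than letting the process touch an unexpected path, is what removes the availability impact the advisory describes.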
Related Rancher vulnerabilities (excerpts, truncated on the page)
- {token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no
- SAML assertion replay in Rancher's Assertion Consumer Service (ACS) handler lets a person-in-the-middle who captures a v
- Privilege escalation in SUSE Rancher (Kubernetes management platform) allows a user holding the Project Owner role to im
- Privilege escalation in Rancher 2.13 (before 2.13.6) and 2.14 (before 2.14.2) lets any authenticated user gain principal
- A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -ski
- Authentication bypass in SUSE Rancher's in-cluster admission webhook (rancher-webhook) lets a network-adjacent, unauthen
- Privilege persistence in SUSE Rancher allows project users to retain Pod Security Admission (PSA) permissions even after
Same weakness: CWE-23 – Relative Path Traversal
Same technique: Denial of Service
EUVD-2026-40348