Upstream information
Description
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GETaccess to the Rancher Manager Apps Catalog to read any sensitive information that are
contained within the Apps' values. Additionally, the same information
leaks into auditing logs when the audit level is set to equal or above
2.
This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.
Upstream Security Advisories:
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CNA (SUSE) | |
|---|---|
| Base Score | 6.2 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | High |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality Impact | High |
| Integrity Impact | None |
| Availability Impact | None |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- GHSA-9c5p-35gj-jqp4, published Wed Nov 20 00:59:30 CET 2024
- openSUSE-SU-2024:14519-1, published Mon Nov 25 18:50:12 2024
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-14519 |
SUSE Timeline for this CVE
CVE page created: Tue Nov 19 13:45:34 2024CVE page last modified: Fri Apr 11 17:59:32 2025