
CVE-2025-23387 – Rancher's SAML-based login via CLI can be denied by unauthenticated users
https://notcve.org/view.php?id=CVE-2025-23387
11 Apr 2025 — An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23387 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2025-23388 – Unauthenticated stack overflow in /v3-public/authproviders API
https://notcve.org/view.php?id=CVE-2025-23388
11 Apr 2025 — A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23388 • CWE-121: Stack-based Buffer Overflow

CVE-2025-23389 – Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
https://notcve.org/view.php?id=CVE-2025-23389
11 Apr 2025 — An Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23389 • CWE-284: Improper Access Control

CVE-2025-23391 – Rancher: Restricted Administrator can change Administrator's passwords
https://notcve.org/view.php?id=CVE-2025-23391
11 Apr 2025 — An Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23391 • CWE-266: Incorrect Privilege Assignment