Upstream information
Description
A vulnerability has been identified within Rancher that can be exploitedin narrow circumstances through a man-in-the-middle (MITM) attack. An
attacker would need to have control of an expired domain or execute a
DNS spoofing/hijacking attack against the domain to exploit this
vulnerability. The targeted domain is the one used as the Rancher URL.
Upstream Security Advisories:
SUSE information
Overall state of this security issue: Pending
This issue is currently rated as having important severity.
| CNA (SUSE) | |
|---|---|
| Base Score | 8 |
| Vector | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | High |
| User Interaction | None |
| Scope | Changed |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- BLOG-CVE-2024-22030, published Fri Feb 16 17:22:32 CET 2024
- GHSA-h4h5-9833-v2p4, published Thu Sep 26 20:54:20 CEST 2024
SUSE Timeline for this CVE
CVE page created: Thu Feb 15 19:45:08 2024CVE page last modified: Fri Oct 18 12:04:40 2024