CVE-2024-52280

Users can issue watch commands for arbitrary resources

CVSS 7.7 HIGH · EPSS 0.4% · CWE-200
Vexday Risk Score
21 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.7 · EPSS 0.4% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
11 Apr 2025: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allows users to watch resources they are not allowed to access when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected products
SUSE · rancher
