CVE-2024-52280

Users can issue watch commands for arbitrary resources

CVSS 7.7 HIGHEPSS 0.4%CWE-200

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.7EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 abr 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Produtos afetados

SUSE · rancher

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52280 https://github.com/rancher/steve/security/advisories/GHSA-j5hq-5jcr-xwx7