admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-11 11:00:38 +00:00
parent fb7b34579d
commit a20a55f6f4
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 445 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
2024/52xxx/CVE-2024-52282.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52282",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET\n access to the Rancher Manager Apps Catalog to read any sensitive information that are \ncontained within the Apps\u2019 values. Additionally, the same information \nleaks into auditing logs when the audit level is set to equal or above \n2.\n\nThis issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SUSE",
"product": {
"product_data": [
{
"product_name": "rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.8.0",
"version_value": "2.8.10"
},
{
"version_affected": "<",
"version_name": "2.9.0",
"version_value": "2.9.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52282",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52282"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-9c5p-35gj-jqp4",
"refsource": "MISC",
"name": "https://github.com/rancher/rancher/security/advisories/GHSA-9c5p-35gj-jqp4"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

94
2025/23xxx/CVE-2025-23387.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23387",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SUSE",
"product": {
"product_data": [
{
"product_name": "rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.8.0",
"version_value": "2.8.13"
},
{
"version_affected": "<",
"version_name": "2.9.0",
"version_value": "2.9.7"
},
{
"version_affected": "<",
"version_name": "2.10.0",
"version_value": "2.10.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23387",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23387"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-5qmp-9x47-92q8",
"refsource": "MISC",
"name": "https://github.com/rancher/rancher/security/advisories/GHSA-5qmp-9x47-92q8"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

94
2025/23xxx/CVE-2025-23388.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23388",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SUSE",
"product": {
"product_data": [
{
"product_name": "rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.8.0",
"version_value": "2.8.13"
},
{
"version_affected": "<",
"version_name": "2.9.0",
"version_value": "2.9.7"
},
{
"version_affected": "<",
"version_name": "2.10.0",
"version_value": "2.10.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23388",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23388"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-xr9q-h9c7-xw8q",
"refsource": "MISC",
"name": "https://github.com/rancher/rancher/security/advisories/GHSA-xr9q-h9c7-xw8q"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
]
}

94
2025/23xxx/CVE-2025-23389.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23389",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login.\nThis issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SUSE",
"product": {
"product_data": [
{
"product_name": "rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.8.0",
"version_value": "2.8.13"
},
{
"version_affected": "<",
"version_name": "2.9.0",
"version_value": "2.9.7"
},
{
"version_affected": "<",
"version_name": "2.10.0",
"version_value": "2.10.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23389",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23389"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-mq23-vvg7-xfm4",
"refsource": "MISC",
"name": "https://github.com/rancher/rancher/security/advisories/GHSA-mq23-vvg7-xfm4"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
]
}

94
2025/23xxx/CVE-2025-23391.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23391",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts.\nThis issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266: Incorrect Privilege Assignment",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SUSE",
"product": {
"product_data": [
{
"product_name": "rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.8.0",
"version_value": "2.8.14"
},
{
"version_affected": "<",
"version_name": "2.9.0",
"version_value": "2.9.8"
},
{
"version_affected": "<",
"version_name": "2.10.0",
"version_value": "2.10.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23391",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23391"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-8p83-cpfg-fj3g",
"refsource": "MISC",
"name": "https://github.com/rancher/rancher/security/advisories/GHSA-8p83-cpfg-fj3g"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}