Developer Tools

In SUSE Rancher versions from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7 and from 2.10.0 before 2.10.3 a medium severity vulnerability CVE-2025-23387 was detected. This vulnerability allows unauthenticated attackers to list and delete CLI authentication tokens before they are retrieved, exposing sensitive information. To address this issue, users should upgrade SUSE Rancher to versions 2.8.13, 2.9.7 or 2.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23387.

In SUSE Rancher from 2.8.0 before 2.8.10 and from 2.9.0 before 2.9.4 a medium severity vulnerability CVE-2024-52282 was detected. This vulnerability allows any user with GET access to the Rancher Manager Apps Catalog to read sensitive information contained in the Apps’ values, which also gets exposed in audit logs when the audit level is set to 2 or higher. To address this issue, users should upgrade SUSE Rancher to versions 2.8.10 or 2.9.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52282.

In SUSE Rancher versions before commits 2175e09, 6e30359 and c744f0b a high severity vulnerability CVE-2024-52280 was detected. This vulnerability allows users with generic permissions on a resource type to watch resources they are not explicitly authorized to access. To address this issue, users should upgrade SUSE Rancher to commits 2175e09 (main), 6e30359 (release/v2.9), c744f0b (release/v2.8) or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52280.

In Rancher versions from 2.8.0 before 2.8.14, 2.9.0 before 2.9.8, 2.10.0 before 2.10.4 and prior to 2.11.0 a critical severity vulnerability CVE-2025-23391 was detected. This vulnerability allows a Restricted Administrator to change the passwords of full Administrators, potentially leading to account takeover. To address this issue, users should upgrade Rancher to versions 2.8.14, 2.9.8, 2.11.0 or 2.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23391.

In Rancher versions from 2.8.0 before 2.8.13, 2.9.0 before 2.9.7 and 2.10.0 before 2.10.3 a high severity vulnerability CVE-2025-23389 was detected. This vulnerability allows a local user to impersonate other identities through SAML Authentication during first login. To address this issue, users should upgrade Rancher to versions 2.8.13, 2.9.7 or 2.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23389.

In Rancher versions from 2.8.0 before 2.8.13, 2.9.0 before 2.9.7 and 2.10.0 before 2.10.3 a high severity vulnerability CVE-2025-23388 was detected. This vulnerability allows attackers to trigger a stack-based buffer overflow, potentially causing a denial of service. To address this issue, users should upgrade Rancher to versions 2.8.13, 2.9.7 or 2.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23388.

In GitLab CE/EE versions up to 17.8.7, 17.9 before 17.9.6 and 17.10 before 17.10.4 a medium severity vulnerability CVE-2025-1677 was detected. This vulnerability allows attackers to trigger a Denial of Service (DoS) by injecting oversized payloads into CI pipeline exports. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.7, 17.9.6 or 17.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1677.

In GitLab CE/EE versions from 7.7 up to 17.8.7, 17.9 before 17.9.6 and 17.10 before 17.10.4 a medium severity vulnerability CVE-2025-0362 was detected. This vulnerability allows attackers, under certain conditions, to trick users into unintentionally authorizing sensitive actions on their behalf. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.7, 17.9.6 or 17.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0362.

In GitLab EE versions from 17.1 up to 17.8.7, 17.9 before 17.9.6 and 17.10 before 17.10.4 a medium severity vulnerability CVE-2024-11129 was detected. This vulnerability allows attackers to perform targeted searches using sensitive keywords to retrieve the count of issues containing those terms, leading to potential information disclosure. To address this issue, users should upgrade GitLab EE to versions 17.8.7, 17.9.6 or 17.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11129.