Summary: SUSE has issued security advisories to address two critical vulnerabilities in Rancher, potentially allowing attackers to launch denial-of-service attacks and impersonate users. The vulnerabilities, identified as CVE-2025-23388 and CVE-2025-23389, affect multiple versions of Rancher and require immediate attention through updates. Users are urged to upgrade to the patched versions to prevent exploitation of these vulnerabilities.
Affected: Rancher
Key points:
- CVE-2025-23388: Allows unauthenticated attackers to crash the Rancher server via the /v3-public/authproviders API, leading to potential service disruptions.
- CVE-2025-23389: Enables local users to impersonate others through manipulated cookie values in SAML authentication, risking unauthorized access to sensitive data.
- Affected versions include v2.8.12 and earlier, v2.9.6 and earlier, and v2.10.2 and earlier; patched versions are available for each release line, and users should upgrade to them.
- No workarounds exist for CVE-2025-23388; for CVE-2025-23389, disabling SAML authentication is a temporary measure until upgrading.
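A small triage helper, added here as an illustration and not part of the SUSE advisory or Rancher's own tooling. It encodes only what the summary above states: the last affected patch release on each of the three listed lines (2.8, 2.9, 2.10), the absence of a workaround for CVE-2025-23388, and the SAML-disable interim measure for CVE-2025-23389. It does not assume the patched version numbers, which the summary does not name; release lines not listed are reported as unknown, and the `saml_enabled` flag and the constructed inventory are assumptions for the demo.

```python
"""Version triage against the Rancher CVE-2025-23388 / CVE-2025-23389 summary.

Added example (not SUSE's or Rancher's code). Affected ranges come from the
advisory summary; anything outside the listed release lines is 'unknown'.
"""
import re
from typing import List, Optional, Tuple

# Highest affected patch release per minor line, per the advisory summary:
# v2.8.12 and earlier, v2.9.6 and earlier, v2.10.2 and earlier.
AFFECTED_THROUGH = {
    (2, 8): 12,
    (2, 9): 6,
    (2, 10): 2,
}

# Accepts 'v2.10.2', '2.10.2' and tags with a -rc/+build suffix.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.]+)?$")


def parse_version(tag: str) -> Tuple[int, int, int]:
    """Parse a Rancher version tag into (major, minor, patch).

    Pre-release/build suffixes are ignored for the comparison. Assumption:
    a pre-release of a later patch level carries that level's fixes; confirm
    against the release notes before relying on that for an rc build.
    """
    m = _VERSION_RE.match(tag.strip())
    if not m:
        raise ValueError(f"unrecognised Rancher version string: {tag!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(tag: str) -> Optional[bool]:
    """True if inside an affected range, False if above the last affected
    release on a listed line, None if the line is not covered by the summary."""
    major, minor, patch = parse_version(tag)
    last_bad = AFFECTED_THROUGH.get((major, minor))
    if last_bad is None:
        return None
    return patch <= last_bad


def triage(tag: str, saml_enabled: bool) -> List[str]:
    """Return the actions the advisory summary implies for one installation."""
    status = is_affected(tag)
    if status is None:
        return [f"{tag}: release line not listed in the summary; consult the SUSE advisory directly"]
    if status is False:
        return [f"{tag}: above the last affected release on this line; no action from this advisory"]
    actions = [
        f"{tag}: affected by CVE-2025-23388 (unauthenticated crash via /v3-public/authproviders); "
        "no workaround exists, upgrade to the patched release for this line",
    ]
    if saml_enabled:
        actions.append(
            f"{tag}: affected by CVE-2025-23389 (impersonation via manipulated SAML cookie values); "
            "disable SAML authentication as a temporary measure until upgraded"
        )
    else:
        actions.append(
            f"{tag}: CVE-2025-23389 concerns SAML authentication, which is not enabled here; "
            "upgrading still removes the exposure"
        )
    return actions


if __name__ == "__main__":
    # Constructed inventory for the demo; not real hosts.
    inventory = [("rancher-prod", "v2.10.2", True),
                 ("rancher-stage", "v2.9.7", False),
                 ("rancher-lab", "v2.7.15", True)]
    for name, version, saml in inventory:
        for line in triage(version, saml):
            print(f"{name}: {line}")
```

Point `triage()` at whatever your asset inventory exports; a `None` result deliberately refuses to say "safe" for lines the summary does not mention, so that older 2.7 installs are escalated rather than silently skipped.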