github - ghsa-xr9q-h9c7-xw8q

ghsa-xr9q-h9c7-xw8q

Vulnerability from github

Published

2025-02-27 18:27

Modified

2025-05-27 18:31

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Summary

Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API

Details

Impact

An unauthenticated stack overflow crash, leading to a denial of service (DoS), was identified in Rancher’s /v3-public/authproviders public API endpoint. A malicious user could submit data to the API which would cause the Rancher server to crash, but no malicious or incorrect data would actually be written in the API. The downstream clusters, i.e., the clusters managed by Rancher, are not affected by this issue.

This vulnerability affects those using external authentication providers as well as Rancher’s local authentication.

Patches

The patch includes the removal of unnecessary HTTP methods of the specific API.

Patched versions include releases v2.8.13, v2.9.7 and v2.10.3.

Workarounds

There are no workarounds for this issue. Users are recommended to upgrade, as soon as possible, to a version of Rancher Manager that contains the fix.

References

If you have any questions or comments about this advisory: - Reach out to the SUSE Rancher Security team for security related inquiries. - Open an issue in the Rancher repository. - Verify with our support matrix and product support lifecycle.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.10.0"
            },
            {
              "fixed": "2.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-23388"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-27T18:27:49Z",
    "nvd_published_at": "2025-04-11T11:15:42Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nAn unauthenticated stack overflow crash, leading to a denial of service (DoS), was identified in Rancher\u2019s `/v3-public/authproviders` public API endpoint. A malicious user could submit data to the API which would cause the Rancher server to crash, but no malicious or incorrect data would actually be written in the API. The downstream clusters, i.e., the clusters managed by Rancher, are not affected by this issue.\n\nThis vulnerability affects those using external authentication providers as well as Rancher\u2019s local authentication.\n\n### Patches\nThe patch includes the removal of unnecessary HTTP methods of the specific API.\n\nPatched versions include releases `v2.8.13`, `v2.9.7` and `v2.10.3`.\n\n### Workarounds\nThere are no workarounds for this issue. Users are recommended to upgrade, as soon as possible, to a version of Rancher Manager that contains the fix.\n\n### References\nIf you have any questions or comments about this advisory:\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
  "id": "GHSA-xr9q-h9c7-xw8q",
  "modified": "2025-05-27T18:31:11Z",
  "published": "2025-02-27T18:27:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/security/advisories/GHSA-xr9q-h9c7-xw8q"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/pull/48608"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/pull/48954"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/pull/48957"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/pull/48958"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/commit/5c7aded42509ae526383bb296138e8ea0dff9d13"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/commit/92d55b799ac172734106569b61ca87bbd5affcb2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/commit/a263bf3466717ee4bab802d499a5a167d274813d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/commit/de3ffa88cc75ae3da122bd36a4489663b5157ee3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rancher/rancher"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/releases/tag/v2.10.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/releases/tag/v2.8.13"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/releases/tag/v2.9.7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API"
}

CVE-2025-23388 (GCVE-0-2025-23388)

Vulnerability from cvelistv5

Published

2025-04-11 10:48

Modified

2025-04-15 15:08

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Summary

A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

References

►

URL

Tags

	https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23388
	https://github.com/rancher/rancher/security/advisories/GHSA-xr9q-h9c7-xw8q

Impacted products

	Vendor	Product	Version
	SUSE	rancher	Version: 2.8.0 ≤ Version: 2.9.0 ≤ Version: 2.10.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T13:28:18.934297Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T15:08:29.960Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "github.com/rancher/rancher",
          "product": "rancher",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "2.8.13",
              "status": "affected",
              "version": "2.8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.9.7",
              "status": "affected",
              "version": "2.9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.10.3",
              "status": "affected",
              "version": "2.10.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-27T17:27:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.\u003cp\u003eThis issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.\u003c/p\u003e"
            }
          ],
          "value": "A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-11T10:48:51.349Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23388"
        },
        {
          "url": "https://github.com/rancher/rancher/security/advisories/GHSA-xr9q-h9c7-xw8q"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated stack overflow in /v3-public/authproviders API",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2025-23388",
    "datePublished": "2025-04-11T10:48:51.349Z",
    "dateReserved": "2025-01-15T12:39:03.324Z",
    "dateUpdated": "2025-04-15T15:08:29.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

ghsa-xr9q-h9c7-xw8q

Vulnerability from github

Impact

Patches

Workarounds

References

CVE-2025-23388 (GCVE-0-2025-23388)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature