Platform: kubernetes
Component: rancher
Fixed in: 2.7.16, 2.8.9, 2.9.3
CVE-2024-22036 describes a Remote Code Execution (RCE) vulnerability within the Rancher Kubernetes management platform. This flaw allows an attacker leveraging a cluster or node driver to escape the chroot jail and achieve root access to the Rancher container itself. The vulnerability impacts Rancher versions 2.7.0 through 2.9.3 and has been addressed in version 2.9.3.
The impact of CVE-2024-22036 is severe. Successful exploitation allows an attacker to gain root access within the Rancher container, enabling them to execute arbitrary code. In production environments, this could lead to privilege escalation and compromise of sensitive data. In test and development environments utilizing privileged Docker containers, the attacker can escape the container entirely and gain execution access on the host system, potentially leading to full system compromise. This vulnerability resembles container escape exploits, allowing attackers to move laterally and potentially impact other systems connected to the network.
CVE-2024-22036 is currently not listed in the CISA KEV catalog. Proof-of-concept (PoC) code is not yet publicly available, but the vulnerability's severity and potential impact suggest a medium probability of exploitation. The vulnerability was publicly disclosed on 2025-04-16.
Organizations heavily reliant on Rancher for Kubernetes management, particularly those with production environments and privileged Docker container deployments, are at significant risk. Shared hosting environments utilizing Rancher are also vulnerable, as a compromised driver could impact multiple tenants.
• linux / server:
journalctl -u rancher -g "chroot jail escape"
• linux / server:
lsof -i -P | grep rancher
• kubernetes: Inspect Kubernetes pod configurations for unusual driver permissions or network access.
• kubernetes: Review Rancher audit logs for suspicious driver activity or attempts to escalate privileges.
EPSS: 0.17% (39th percentile)
The primary mitigation for CVE-2024-22036 is to upgrade Rancher to version 2.9.3 or later. If an immediate upgrade is not feasible, consider implementing stricter access controls and network segmentation to limit the potential blast radius of a successful attack. Review and restrict the permissions granted to cluster and node drivers. While a WAF or proxy cannot directly prevent this container escape, it can help mitigate the impact by limiting exposure of vulnerable endpoints. After upgrading, verify the fix by attempting to execute a malicious driver command and confirming that it is blocked.
Upgrade Rancher to version 2.7.16, 2.8.9 or 2.9.3, or to a later version, to fix the vulnerability. This prevents the privilege escalation and the remote code execution.
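Added example, not part of the advisory or of Rancher's own tooling: a POSIX shell function that classifies a Rancher version string against the three fixed releases listed on this page (2.7.16, 2.8.9, 2.9.3), one per release line. The function name and the sample tags are constructed for illustration; pre-release tags and versions older than 2.7.0 are reported as unknown because the page makes no statement about them.

```sh
# Added example (not from the advisory). Classifies a Rancher version string
# against the fixed releases listed on this page: 2.7.16, 2.8.9, 2.9.3.
# The function name is hypothetical.
#
# Prints: affected | fixed | unknown
#   unknown = not a plain MAJOR.MINOR.PATCH release (e.g. "-rc1" builds),
#             or older than 2.7.0, about which the page says nothing.
rancher_cve_2024_22036_status() (
  v=${1#v}                                  # accept "v2.9.2" and "2.9.2"
  case $v in
    ''|*[!0-9.]*|.*|*.|*..*) echo unknown; exit 0 ;;
  esac
  IFS=.
  set -- $v                                 # split on dots (digits and dots only here)
  [ $# -eq 3 ] || { echo unknown; exit 0; }
  major=$1 minor=$2 patch=$3

  if [ "$major" -gt 2 ]; then echo fixed; exit 0; fi
  if [ "$major" -lt 2 ] || [ "$minor" -lt 7 ]; then echo unknown; exit 0; fi

  case $minor in
    7) first_fixed=16 ;;
    8) first_fixed=9 ;;
    9) first_fixed=3 ;;
    *) echo fixed; exit 0 ;;                # 2.10 and later release lines
  esac
  if [ "$patch" -lt "$first_fixed" ]; then echo affected; else echo fixed; fi
)

# Constructed sample inventory of version tags.
for tag in v2.7.15 v2.8.9 v2.9.2 v2.9.3-rc1 v2.6.14; do
  printf '%s\t%s\n' "$tag" "$(rancher_cve_2024_22036_status "$tag")"
done
```

The comparison is done per release line, so a 2.7.x or 2.8.x install is judged against its own fixed patch level rather than against 2.9.3.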
CVE-2024-22036 is a critical Remote Code Execution vulnerability affecting Rancher versions 2.7.0–2.9.3, allowing attackers to escape the chroot jail and gain root access.
You are affected if you are running Rancher versions 2.7.0 through 2.9.3. Upgrade to 2.9.3 or later to mitigate the risk.
Upgrade Rancher to version 2.9.3 or later. If immediate upgrade is not possible, implement stricter access controls and network segmentation.
While no active exploitation has been confirmed, the vulnerability's severity and potential impact suggest a medium probability of exploitation.
Refer to the official Rancher security advisory for detailed information and updates: [https://www.rancher.com/security/](https://www.rancher.com/security/)