Platform
kubernetes
Component
rancher
Fixed in
2.9.4
CVE-2024-52281 is a Cross-Site Scripting (XSS) vulnerability in the Rancher UI component. The flaw lets an attacker inject script into web pages viewed by other users, which can lead to account compromise and data theft. It affects Rancher versions 2.9.0 through 2.9.4, and a patch is available in version 2.9.4.
This is a stored XSS: the attacker places JavaScript in the cluster description field within the Rancher UI, the value is persisted, and the script runs in the browser of every user who later views that cluster description. The impact ranges from session hijacking and credential theft to defacement of the Rancher UI and redirection to attacker-controlled sites. Successful exploitation could give an attacker unauthorized access to sensitive data managed within Rancher, including Kubernetes cluster configurations and secrets. The blast radius extends to any user permitted to view cluster descriptions, so the issue is relevant to every organization running an affected Rancher release. No direct precedent is immediately apparent, but the potential for broad impact mirrors other XSS vulnerabilities in management interfaces.
CVE-2024-52281 was published on April 16, 2025. The vulnerability's EPSS score is currently pending evaluation. No public Proof-of-Concept (PoC) exploits have been disclosed at the time of writing, but XSS vulnerabilities are typically easy to exploit, so rapid exploitation is plausible if a PoC appears. Monitor security advisories and threat intelligence feeds for indications of active exploitation campaigns targeting Rancher.
Exploit status
EPSS
0.01% (percentile 2%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-52281 is to upgrade Rancher to version 2.9.4 or later, which contains the fix. If upgrading is not immediately feasible, apply input validation and output sanitization on the cluster description field so that injected markup is never rendered as live HTML. A Web Application Firewall (WAF) configured to detect and block XSS payloads adds a further layer of defense. Monitor Rancher logs for suspicious activity related to the cluster description field, and use strict access controls to limit who can modify cluster descriptions. After upgrading, confirm the fix by entering a simple JavaScript payload into the cluster description field and verifying that it is displayed as text rather than executed.
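The following is an added example, not Rancher's own code, illustrating the rendering mistake behind this class of bug and the interim mitigation described above: a description rendered by string concatenation beside the same rendering with HTML encoding, plus a small audit helper for reviewing already-stored descriptions. The function names and the sample cluster records are constructed for the example.

```javascript
// Encode the characters that change meaning in HTML text and attribute
// context, so a stored description is displayed literally, never parsed.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the user-controlled description is concatenated
// straight into markup, so any tag stored in it becomes live HTML for
// every viewer of the cluster page (the shape of a stored XSS).
function renderDescriptionUnsafe(description) {
  return `<p class="cluster-desc">${description}</p>`;
}

// Hardened pattern: identical template, but the value is encoded first.
function renderDescriptionSafe(description) {
  return `<p class="cluster-desc">${escapeHtml(description)}</p>`;
}

// Audit helper for defenders: flag stored descriptions that contain HTML
// tags, inline event handlers or javascript: URLs so they can be reviewed
// after upgrading. Heuristic only; it does not replace output encoding.
const SUSPICIOUS = /<\s*\/?\s*[a-z][^>]*>|\bon[a-z]+\s*=|javascript\s*:/i;
function flagSuspiciousDescriptions(clusters) {
  return clusters
    .filter((c) => SUSPICIOUS.test(c.description || ''))
    .map((c) => c.name);
}

// Constructed sample records, not real Rancher cluster objects.
const sampleClusters = [
  { name: 'prod-eu', description: 'Production cluster, EU region' },
  { name: 'dev-1', description: '<script>alert(1)</script>' },
];

// Stand-alone run: show both renderings and the audit result.
console.log(renderDescriptionUnsafe(sampleClusters[1].description));
console.log(renderDescriptionSafe(sampleClusters[1].description));
console.log(flagSuspiciousDescriptions(sampleClusters));
```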
Upgrade Rancher to version 2.9.4 or later. This version fixes the stored XSS vulnerability in the cluster description field. Upgrading prevents an attacker from executing malicious scripts in other users' browsers.
It is a Cross-Site Scripting (XSS) vulnerability in the Rancher UI that allows attackers to inject malicious scripts.
If you're running Rancher versions 2.9.0 through 2.9.4, you are potentially affected by this vulnerability.
Upgrade Rancher to version 2.9.4 or later to resolve the issue. Input validation is a temporary workaround.
No public exploits are currently known, but the potential for exploitation exists.
Refer to the SUSE security advisory and the NVD entry for CVE-2024-52281 for detailed information.