Platform
kubernetes
Component
rancher
Fixed in
2.7.16
2.8.9
2.9.3
CVE-2024-22036 describes a Remote Code Execution (RCE) vulnerability within the Rancher Kubernetes management platform. This flaw allows an attacker leveraging a cluster or node driver to escape the chroot jail and achieve root access to the Rancher container itself. The vulnerability impacts Rancher versions 2.7.0 through 2.9.3 and has been addressed in version 2.9.3.
The impact of CVE-2024-22036 is severe. Successful exploitation allows an attacker to gain root access within the Rancher container, enabling them to execute arbitrary code. In production environments, this could lead to privilege escalation and compromise of sensitive data. In test and development environments utilizing privileged Docker containers, the attacker can escape the container entirely and gain execution access on the host system, potentially leading to full system compromise. This vulnerability resembles container escape exploits, allowing attackers to move laterally and potentially impact other systems connected to the network.
CVE-2024-22036 is currently not listed on the CISA KEV catalog. Proof-of-concept (PoC) code is not yet publicly available, but the vulnerability's severity and potential impact suggest a medium probability of exploitation. The vulnerability was publicly disclosed on 2025-04-16.
Organizations heavily reliant on Rancher for Kubernetes management, particularly those with production environments and privileged Docker container deployments, are at significant risk. Shared hosting environments utilizing Rancher are also vulnerable, as a compromised driver could impact multiple tenants.
• linux / server:
journalctl -u rancher -g "chroot jail escape"
• linux / server:
lsof -i -P | grep rancher
• kubernetes: Inspect Kubernetes pod configurations for unusual driver permissions or network access.
• kubernetes: Review Rancher audit logs for suspicious driver activity or attempts to escalate privileges.
EPSS
0.17% (39th percentile)
The primary mitigation for CVE-2024-22036 is to upgrade Rancher to version 2.9.3 or later. If an immediate upgrade is not feasible, consider implementing stricter access controls and network segmentation to limit the potential blast radius of a successful attack. Review and restrict the permissions granted to cluster and node drivers. While a WAF or proxy cannot directly prevent this container escape, it can help mitigate the impact by limiting exposure of vulnerable endpoints. After upgrading, verify the fix by attempting to execute a malicious driver command and confirming that it is blocked.
Update Rancher to version 2.7.16, 2.8.9 or 2.9.3, or a later version, to remediate the vulnerability. This prevents privilege escalation and remote code execution.
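To triage an inventory against the fixed releases listed on this page (2.7.16, 2.8.9, 2.9.3), the following added example, which is not Rancher's or this site's own code, classifies version strings per minor branch. It assumes semver ordering for pre-release tags and that branches after 2.9 carry the fix; the hostnames and versions in `SAMPLE` are constructed.

```python
import re

# Fixed patch level per minor branch, from the "Fixed in" list on this page.
FIXED = {(2, 7): 16, (2, 8): 9, (2, 9): 3}

def parse_version(text):
    """Parse 'v2.8.5', '2.9.3-rc1' or 'rancher/rancher:v2.7.9'."""
    m = re.search(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$", text.strip())
    if not m:
        raise ValueError(f"not a Rancher version: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return major, minor, patch, bool(m.group(4))

def classify(text):
    """Return 'affected', 'fixed' or 'out-of-range' for one version string."""
    major, minor, patch, prerelease = parse_version(text)
    branch = (major, minor)
    if branch in FIXED:
        fixed_patch = FIXED[branch]
        # Assumption: a pre-release of the fixed patch (2.9.3-rc1) predates the fix.
        if patch < fixed_patch or (patch == fixed_patch and prerelease):
            return "affected"
        return "fixed"
    if branch > max(FIXED):
        # Assumption: later branches include the fix ("or a later version").
        return "fixed"
    # Below 2.7.0 the page makes no statement either way.
    return "out-of-range"

def triage(inventory):
    """Names of instances that still need the upgrade, sorted."""
    return sorted(n for n, v in inventory.items() if classify(v) == "affected")

# Constructed sample inventory (names and versions are made up).
SAMPLE = {
    "rancher-prod": "rancher/rancher:v2.8.8",
    "rancher-stage": "v2.9.3",
    "rancher-dev": "2.7.15",
    "rancher-lab": "v2.9.3-rc1",
    "rancher-legacy": "2.6.14",
}

if __name__ == "__main__":
    for name, version in SAMPLE.items():
        print(f"{name:15} {version:25} {classify(version)}")
```

An "out-of-range" result means the version falls below the range this page covers and should be checked against the vendor advisory.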
CVE-2024-22036 is a critical Remote Code Execution vulnerability affecting Rancher versions 2.7.0–2.9.3, allowing attackers to escape the chroot jail and gain root access.
You are affected if you are running Rancher versions 2.7.0 through 2.9.3. Upgrade to 2.9.3 or later to mitigate the risk.
Upgrade Rancher to version 2.9.3 or later. If immediate upgrade is not possible, implement stricter access controls and network segmentation.
While no active exploitation has been confirmed, the vulnerability's severity and potential impact suggest a medium probability of exploitation.
Refer to the official Rancher security advisory for detailed information and updates: [https://www.rancher.com/security/](https://www.rancher.com/security/)