CVE-2024-52280
PUBLISHED
CVSS 7.7 HIGH
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b.
EPSS 0.21% · 43.0th percentile
Risk Scores
CVSS v3.1
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS Score
0.21%
43.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | rancher | 0, 0, 0 |
| github.com | rancher/steve | 0 |
Timeline
- Nov 20, 2024 CVE Published
- Apr 11, 2025 CVE Updated
- Apr 11, 2025 EPSS Score
- Apr 11, 2025 PoC Published
- Apr 11, 2025 PoC Published
- Apr 24, 2025 EPSS Score
- May 2, 2025 Coalition ESS Score
- May 6, 2025 EPSS Score
- May 19, 2025 EPSS Score
- May 31, 2025 EPSS Score
- Jun 13, 2025 EPSS Score
- Jun 25, 2025 EPSS Score
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52280
- https://github.com/rancher/steve/security/advisories/GHSA-j5hq-5jcr-xwx7
- https://nvd.nist.gov/vuln/detail/CVE-2024-52280 (advisory)
- https://github.com/rancher/steve/commit/2175e090fe4b1e603a54e1cdc5148a2b1c11b4d9
- https://github.com/rancher/steve (package)
- https://pkg.go.dev/vuln/GO-2024-3281