VDB
CVE-2024-58259
CVE-2024-58259
PUBLISHED
CVSS 8.199999809265137 HIGH
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).
EPSS 0.04% · 11.7th percentile
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS Score
0.04%
11.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | rancher | 2.12.0, 2.10.0, 2.9.0 |
| github.com | rancher/rancher | 2.12.0, 2.11.0, 2.10.0 |
Timeline
- Aug 29, 2025 CVE Published
- Sep 1, 2025 PoC Published
- Sep 2, 2025 EPSS Score
- Sep 2, 2025 Coalition ESS Score
- Sep 2, 2025 PoC Published
- Sep 10, 2025 EPSS Score
- Sep 17, 2025 EPSS Score
- Sep 25, 2025 EPSS Score
- Oct 2, 2025 EPSS Score
- Oct 4, 2025 Coalition ESS Score
- Oct 6, 2025 Coalition ESS Score
- Oct 10, 2025 EPSS Score
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58259 url
- https://github.com/rancher/rancher/security/advisories/GHSA-4h45-jpvh-6p5j url
- https://github.com/rancher/rancher/commit/aee95d4e2a41ba2df6f88c9634d4fe1f42dee4d9 url
- https://github.com/rancher/rancher package
- https://github.com/rancher/rancher/releases/tag/v2.10.9 url
- https://github.com/rancher/rancher/releases/tag/v2.11.5 url
- https://github.com/rancher/rancher/releases/tag/v2.12.1 url
- https://github.com/rancher/rancher/releases/tag/v2.9.11 url