VDB
GHSA-8h6m-wv39-239m
GHSA-8h6m-wv39-239m
PUBLISHED
CVSS 8.5 HIGH
Rancher users who can create Projects can gain access to arbitrary projects
Risk Scores
CVSS 3.1
8.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | rancher/rancher | 2.10.0, 2.11.0, 2.8.0 |
Timeline
- Apr 25, 2025 CVE Published
- May 23, 2025 CVE Updated
References
- https://github.com/rancher/rancher/security/advisories/GHSA-8h6m-wv39-239m url
- https://github.com/rancher/rancher/commit/7f16b596120dd382ce6e9ed0baf83bc23f633054 url
- https://github.com/rancher/rancher/commit/9c1d1c2bfcba36ae4f06c1fd043eb539ad801d4d url
- https://github.com/rancher/rancher/commit/b0be28f86fc556414bd9b323f05b2b4bf8317c2d url
- https://github.com/rancher/rancher/commit/f036e8b6ab726c3abbc03bbf7c8d0d53373c84e5 url
- https://github.com/rancher/rancher package
- https://pkg.go.dev/vuln/GO-2025-3647 url