{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52282", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "state": "PUBLISHED", "assignerShortName": "suse", "dateReserved": "2024-11-06T12:19:57.723Z", "datePublished": "2025-04-11T10:57:55.420Z", "dateUpdated": "2025-04-11T13:24:10.230Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "github.com/rancher/rancher", "product": "rancher", "vendor": "SUSE", "versions": [{"lessThan": "2.8.10", "status": "affected", "version": "2.8.0", "versionType": "semver"}, {"lessThan": "2.9.4", "status": "affected", "version": "2.9.0", "versionType": "semver"}]}], "datePublic": "2024-11-20T17:24:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with <code>GET</code>\n access to the Rancher Manager Apps Catalog to read any sensitive information that are \ncontained within the Apps\u2019 values. Additionally, the same information \nleaks into auditing logs when the audit level is set to equal or above \n2.</div><p>This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.</p>"}], "value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET\n access to the Rancher Manager Apps Catalog to read any sensitive information that are \ncontained within the Apps\u2019 values. Additionally, the same information \nleaks into auditing logs when the audit level is set to equal or above \n2.\n\nThis issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-04-11T10:57:55.420Z"}, "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52282"}, {"url": "https://github.com/rancher/rancher/security/advisories/GHSA-9c5p-35gj-jqp4"}], "source": {"discovery": "UNKNOWN"}, "title": "Rancher Helm Applications may have sensitive values leaked", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-11T13:23:47.197155Z", "id": "CVE-2024-52282", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T13:24:10.230Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52282", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-11T13:23:47.197155Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T13:24:02.823Z"}}], "cna": {"title": "Rancher Helm Applications may have sensitive values leaked", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SUSE", "product": "rancher", "versions": [{"status": "affected", "version": "2.8.0", "lessThan": "2.8.10", "versionType": "semver"}, {"status": "affected", "version": "2.9.0", "lessThan": "2.9.4", "versionType": "semver"}], "packageName": "github.com/rancher/rancher", "defaultStatus": "unaffected"}], "datePublic": "2024-11-20T17:24:00.000Z", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52282"}, {"url": "https://github.com/rancher/rancher/security/advisories/GHSA-9c5p-35gj-jqp4"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET\n access to the Rancher Manager Apps Catalog to read any sensitive information that are \ncontained within the Apps\u2019 values. Additionally, the same information \nleaks into auditing logs when the audit level is set to equal or above \n2.\n\nThis issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.", "supportingMedia": [{"type": "text/html", "value": "<div>A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with <code>GET</code>\n access to the Rancher Manager Apps Catalog to read any sensitive information that are \ncontained within the Apps\u2019 values. Additionally, the same information \nleaks into auditing logs when the audit level is set to equal or above \n2.</div><p>This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-04-11T10:57:55.420Z"}}}, "cveMetadata": {"cveId": "CVE-2024-52282", "state": "PUBLISHED", "dateUpdated": "2025-04-11T13:24:10.230Z", "dateReserved": "2024-11-06T12:19:57.723Z", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "datePublished": "2025-04-11T10:57:55.420Z", "assignerShortName": "suse"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET\n access to the Rancher Manager Apps Catalog to read any sensitive information that are \ncontained within the Apps\u2019 values. Additionally, the same information \nleaks into auditing logs when the audit level is set to equal or above \n2.\n\nThis issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4."}, {"lang": "es", "value": "Una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un agente no autorizado en SUSE Rancher permite que cualquier usuario con acceso GET al cat\u00e1logo de aplicaciones de Rancher Manager acceda a la informaci\u00f3n confidencial contenida en los valores de las aplicaciones. Adem\u00e1s, esta misma informaci\u00f3n se filtra a los registros de auditor\u00eda cuando el nivel de auditor\u00eda es igual o superior a 2. Este problema afecta a Rancher: de la versi\u00f3n 2.8.0 a la 2.8.10, y de la versi\u00f3n 2.9.0 a la 2.9.4."}], "id": "CVE-2024-52282", "lastModified": "2025-04-11T15:39:52.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 4.0, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2025-04-11T11:15:41.630", "references": [{"source": "meissner@suse.de", "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52282"}, {"source": "meissner@suse.de", "url": "https://github.com/rancher/rancher/security/advisories/GHSA-9c5p-35gj-jqp4"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "meissner@suse.de", "type": "Primary"}]}

{}