Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: rancher

Found 2 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2025-67601
8.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 3 weeks, 3 days ago by @LeSuisse Activity log
  • Created automatic suggestion 3 weeks, 3 days ago
  • @LeSuisse removed
    2 packages
    • terraform-providers.rancher2
    • terraform-providers.rancher_rancher2
    3 weeks, 3 days ago
  • @LeSuisse accepted 3 weeks, 3 days ago
  • @LeSuisse published on GitHub 3 weeks, 3 days ago
Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

References

Affected products

github.com/rancher/rancher
  • <0.0.0-20260129092249-bb0625fd1896
  • <2.12.6
  • <2.10.11
  • <2.13.2
  • <2.11.10

Matching in nixpkgs

Ignored packages (2)

Package maintainers

Upstream advisory: https://github.com/rancher/rancher/security/advisories/GHSA-mc24-7m59-4q5p
Untriaged
Permalink CVE-2025-62878
9.9 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 weeks, 2 days ago by @mweinelt Activity log
  • Created automatic suggestion 3 weeks, 3 days ago
  • @mweinelt removed
    2 packages
    • terraform-providers.rancher2
    • terraform-providers.rancher_rancher2
    2 weeks, 2 days ago
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.

References

Affected products

github.com/rancher/local-path-provisioner
  • <0.0.34

Matching in nixpkgs

Ignored packages (2)

Package maintainers