Nixpkgs Security Tracker

Permalink CVE-2025-67601

8.3 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 3 weeks, 3 days ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 3 days ago
@LeSuisse removed
2 packages
- terraform-providers.rancher2
- terraform-providers.rancher_rancher2
3 weeks, 3 days ago
@LeSuisse accepted 3 weeks, 3 days ago
@LeSuisse published on GitHub 3 weeks, 3 days ago

Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

References

Affected products

github.com/rancher/rancher

<0.0.0-20260129092249-bb0625fd1896
<2.12.6
<2.10.11
<2.13.2
<2.11.10

Matching in nixpkgs

pkgs.rancher

Rancher Command Line Interface (CLI) is a unified tool for interacting with your Rancher Server

nixos-unstable 2.13.2
- nixpkgs-unstable 2.13.2
- nixos-unstable-small 2.13.2
nixos-25.11 2.12.3
- nixos-25.11-small 2.12.3
- nixpkgs-25.11-darwin 2.12.3

Ignored packages (2)

pkgs.terraform-providers.rancher2

None

nixos-unstable rancher2-13.1.4
- nixpkgs-unstable rancher2-13.1.4
- nixos-unstable-small rancher2-13.1.4
nixos-25.11 rancher2-8.3.1
- nixos-25.11-small rancher2-8.3.1
- nixpkgs-25.11-darwin rancher2-8.3.1

pkgs.terraform-providers.rancher_rancher2