CVE-2025-23389

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-23389

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23389.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-23389

Aliases

Downstream

openSUSE-SU-2025:14889-1

Related

openSUSE-SU-2025:14889-1

Published

2025-04-11T11:15:42.620Z

Modified

2026-02-04T21:33:30.729585Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L CVSS Calculator

Summary

[none]

Details

A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

References

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type: GIT
Repo: https://github.com/rancher/rancher
Events: Introduced

72f58378bf03122a9651c9bd3b4c143a57e8fdaa

Fixed

a717664d9c190b98a1d085744b3838bdc78e9f2a

Introduced

9e0cc54e7e3a924cf0ed5c5d4db0a6e53805c75e

Fixed

cecf1d1e99c7c046e73141d97595e18e0c0a78b2

Introduced

df45e368c82d4027410fa4700371982b9236b7c8

Fixed

ecc87e7d86e96949523872ab091c6f7a009b2f67

Affected versions

v2.*

v2.10.0

v2.10.0-alpha1

v2.10.0-alpha10

v2.10.0-alpha11

v2.10.0-alpha12

v2.10.0-alpha2

v2.10.0-alpha3

v2.10.0-alpha4

v2.10.0-alpha5

v2.10.0-alpha6

v2.10.0-alpha7

v2.10.0-alpha8

v2.10.0-alpha9

v2.10.0-rc1

v2.10.0-rc2

v2.10.0-rc3

v2.10.0-rc4

v2.10.1

v2.10.1-alpha1

v2.10.1-rc1

v2.10.2

v2.10.2-alpha1

v2.10.2-alpha2

v2.10.2-alpha3

v2.10.2-alpha4

v2.10.2-rc1

v2.10.3-alpha1

v2.10.3-alpha2

v2.10.3-rc1

v2.8.0

v2.8.0-rc5

v2.8.10

v2.8.10-alpha1

v2.8.10-alpha2

v2.8.10-rc1

v2.8.10-rc2

v2.8.11

v2.8.11-alpha1

v2.8.11-rc1

v2.8.12

v2.8.12-alpha1

v2.8.12-alpha2

v2.8.12-rc1

v2.8.13-alpha1

v2.8.13-rc1

v2.8.3

v2.8.3-alpha1

v2.8.3-alpha2

v2.8.3-rc1

v2.8.3-rc2

v2.8.3-rc3

v2.8.3-rc4

v2.8.3-rc5

v2.8.3-rc6

v2.8.3-rc7

v2.8.3-rc8

v2.8.4

v2.8.4-alpha1

v2.8.4-rc1

v2.8.4-rc2

v2.8.4-rc3

v2.8.4-rc4

v2.8.4-rc5

v2.8.6

v2.8.6-alpha1

v2.8.6-alpha2

v2.8.6-alpha3

v2.8.6-alpha4

v2.8.6-alpha5

v2.8.6-alpha6

v2.8.6-rc1

v2.8.6-rc2

v2.8.6-rc3

v2.8.6-rc4

v2.8.7

v2.8.7-rc1

v2.8.7-rc10

v2.8.7-rc2

v2.8.7-rc3

v2.8.7-rc4

v2.8.7-rc5

v2.8.7-rc6

v2.8.7-rc7

v2.8.7-rc8

v2.8.7-rc9

v2.8.8

v2.8.8-alpha1

v2.8.8-alpha2

v2.8.8-rc1

v2.8.9

v2.8.9-alpha1

v2.8.9-alpha10

v2.8.9-alpha2

v2.8.9-alpha3

v2.8.9-alpha4

v2.8.9-alpha5

v2.8.9-alpha6

v2.8.9-alpha8

v2.8.9-alpha9

v2.8.9-rc1

v2.8.9-rc2

v2.9.0

v2.9.0-alpha1

v2.9.0-alpha2

v2.9.0-alpha3

v2.9.0-alpha4

v2.9.0-alpha5

v2.9.0-alpha6

v2.9.0-alpha7

v2.9.0-alpha8

v2.9.0-rc1

v2.9.0-rc2

v2.9.0-rc3

v2.9.0-rc4

v2.9.0-rc5

v2.9.0-rc6

v2.9.1

v2.9.1-alpha1

v2.9.1-alpha2

v2.9.1-rc1

v2.9.1-rc2

v2.9.1-rc3

v2.9.1-rc4

v2.9.1-rc5

v2.9.1-rc6

v2.9.2

v2.9.2-alpha1

v2.9.2-alpha2

v2.9.2-alpha3

v2.9.2-alpha4

v2.9.2-alpha5

v2.9.2-alpha6

v2.9.2-alpha7

v2.9.2-rc1

v2.9.3

v2.9.3-alpha1

v2.9.3-alpha2

v2.9.3-alpha3

v2.9.3-alpha4

v2.9.3-alpha5

v2.9.3-alpha6

v2.9.3-alpha7

v2.9.3-rc1

v2.9.3-rc2

v2.9.4

v2.9.4-alpha1

v2.9.4-alpha2

v2.9.4-alpha3

v2.9.4-alpha4

v2.9.4-alpha5

v2.9.4-hotfix-schema-leak.1

v2.9.4-rc1

v2.9.4-rc2

v2.9.4-rc3

v2.9.5

v2.9.5-alpha1

v2.9.5-rc1

v2.9.6

v2.9.6-alpha1

v2.9.6-alpha2

v2.9.6-alpha3

v2.9.6-rc1

v2.9.7-alpha1

v2.9.7-alpha2

v2.9.7-alpha3

v2.9.7-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23389.json"