
Jarkko Vesiluoma

#31887 of 53,638
8 Total CVSS
Vulnerabilities · 1
PT-2024-19165
8.0
2024-02-19
Rke2 · Rke2 · CVE-2024-22030
**Name of the Vulnerable Software and Affected Versions**

- Rancher versions 2.7.0 through 2.7.14
- Rancher versions 2.8.0 through 2.8.7
- Rancher versions 2.9.0 through 2.9.1

**Description**

A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL. This issue has a high complexity bar, and there is no reported successful exploitation.

**Recommendations**

- For Rancher versions 2.7.0 through 2.7.14, upgrade to version 2.7.15 to stay protected.
- For Rancher versions 2.8.0 through 2.8.7, upgrade to version 2.8.8 to stay protected.
- For Rancher versions 2.9.0 through 2.9.1, upgrade to version 2.9.2 to stay protected.

As a temporary workaround, consider following standard security practices, including properly controlling the expiration and ownership of the domain used as the Rancher URL, enabling DNSSEC, and properly cleaning up and decommissioning unused clusters and downstream clusters.

For Windows nodes running older versions of RKE2, manually resolve the issue by following the provided instructions and updating the `rancher-wins` version to 0.4.18 or greater.