PT-2025-2922 · Rancher · Suse

Published: 2025-01-14 · Updated: 2025-04-16 · CVE-2024-52281

CVSS v3.1: 8.9 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: Rancher versions prior to 2.9.4; Rancher versions prior to 2.10.0
Description: A vulnerability in the Rancher UI allows a malicious actor to perform a Stored XSS attack through the cluster description field. An authenticated user who can edit a cluster's description can store a payload that is rendered as HTML and executed as arbitrary JavaScript in the browser of any other Rancher user who views it, with that user's session and privileges, putting production environments at significant risk. The underlying weakness is improper neutralization of user input during web page generation (cross-site scripting).
Recommendations: For versions prior to 2.9.4, upgrade to version 2.9.4 or later. For versions prior to 2.10.0, upgrade to version 2.10.0 or later. As a temporary workaround, consider restricting which users may edit the cluster description field until the patch is applied. The upstream fix in the Rancher UI replaces the v-tooltip directive with the v-clean-tooltip directive, which sanitizes the HTML before it is rendered.
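The vulnerable and hardened render paths side by side, as an added example that is not Rancher's code. Assumptions: a Vue directive is modelled as a plain function returning the HTML it would inject into the tooltip element; the cluster description is a constructed sample; the allowlist sanitizer is a minimal stand-in for what a v-clean-tooltip-style directive does, not the Rancher implementation, and in real code a maintained sanitizer such as DOMPurify should be used instead.

```javascript
// Added example (not Rancher's code). A Vue directive is modelled as a plain
// function that returns the HTML it would inject into the tooltip element.

// Constructed sample: a cluster description an authenticated user could save.
const DESCRIPTION = '<img src=x onerror="alert(document.cookie)">Production cluster';

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Entity-encode the five characters that can change HTML structure.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable pattern (v-tooltip style): the stored description is interpolated
// as markup, so <img onerror=...> becomes a live element and its handler runs
// in the browser of whoever views the cluster tooltip.
function renderTooltipRaw(description) {
  return `<div class="tooltip">${description}</div>`;
}

// Hardened pattern A: the description is text only; markup is shown, not parsed.
function renderTooltipText(description) {
  return `<div class="tooltip">${escapeHtml(description)}</div>`;
}

// Hardened pattern B (v-clean-tooltip style): keep a small allowlist of
// formatting tags with no attributes, drop every other tag, escape all text.
// Minimal stand-in for a sanitizer; use a maintained library in production.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'br']);

function sanitizeHtml(html) {
  // Tokenise into "<...>" tags (or a dangling "<") and runs of text.
  return String(html).replace(/<[^>]*>?|[^<]+/g, (token) => {
    if (token[0] !== '<') return escapeHtml(token);
    // Only bare tags (no attributes) are considered: attributes are where
    // event handlers and javascript: URLs live, so tags carrying any are dropped.
    const m = /^<(\/?)\s*([a-zA-Z][a-zA-Z0-9]*)\s*\/?\s*>$/.exec(token);
    if (m && ALLOWED_TAGS.has(m[2].toLowerCase())) {
      return `<${m[1]}${m[2].toLowerCase()}>`;
    }
    return ''; // script, img, svg, tags with attributes, malformed tags
  });
}

function renderTooltipSanitized(description) {
  return `<div class="tooltip">${sanitizeHtml(description)}</div>`;
}

// Side-by-side output for the constructed description.
console.log('raw      :', renderTooltipRaw(DESCRIPTION));
console.log('text     :', renderTooltipText(DESCRIPTION));
console.log('sanitized:', renderTooltipSanitized(DESCRIPTION));
```

The raw path hands the stored string straight to the HTML parser, which is exactly the stored XSS in the advisory: the victim only has to view the tooltip (UI:R) and the payload runs under the victim's Rancher session. Both hardened paths trade fidelity for safety; the text path is the simplest correct choice when a description never needs formatting.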

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-01561
CVE-2024-52281
GHSA-2V2W-8V8C-WCM9
GO-2025-3391
OPENSUSE-SU-2025:14653-1
OPENSUSE-SU-2025_0297-1
SUSE-SU-2025:0297-1

Affected Products

Rancher
Suse