PT-2025-39664 · Suse · Rancher Manager

Published: 2025-09-26 · Updated: 2025-10-27 · CVE-2024-58267

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- Rancher Manager versions prior to 2.9.12
- Rancher Manager versions prior to 2.10.10
- Rancher Manager versions prior to 2.11.6
- Rancher Manager versions prior to 2.12.2
Description

Rancher Manager is susceptible to phishing attacks targeting SAML authentication when used with the Rancher CLI tool. An attacker can craft a malicious SAML login URL containing a controlled publicKey and requestId. If a user clicks this link, they may be prompted to log in, unknowingly providing their credentials. This allows the attacker to obtain an encrypted token, which can then be decrypted using their public key, granting them access to the victim's Rancher token.

The vulnerability stems from the custom authentication protocol used for SAML-based providers. The Rancher CLI previously did not clearly display the requestId associated with the authentication session, making it difficult for users to verify the legitimacy of the login process.
Recommendations

- Update to Rancher Manager version 2.9.12 or later.
- Update to Rancher Manager version 2.10.10 or later.
- Update to Rancher Manager version 2.11.6 or later.
- Update to Rancher Manager version 2.12.2 or later.

If updating is not immediately possible, verify the URL printed by the Rancher CLI during a SAML authentication flow, specifically the requestId parameter. Ensure the URL in the browser matches the one logged by the CLI. Do not proceed with login if there is a discrepancy.
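The interim recommendation is a manual comparison: the URL the CLI printed against the URL the browser actually opened. The following added example (not part of this advisory and not Rancher or SUSE code) automates that comparison so an operator can paste both URLs and get a definite answer. It assumes only what the advisory states: the login URL carries requestId and publicKey query parameters. The host name, the path `/saml-login` and all parameter values in the sample inputs are constructed placeholders, not the real Rancher endpoint.

```python
from urllib.parse import urlparse, parse_qs

# Parameter names taken from the advisory text. The path used in the samples
# below is a placeholder, not the actual Rancher CLI login endpoint.
CHECKED_PARAMS = ("requestId", "publicKey")


def parse_login_url(url: str) -> dict:
    """Split a SAML login URL into the parts worth comparing."""
    parsed = urlparse(url)
    query = parse_qs(parsed.query, keep_blank_values=True)
    parts = {
        "scheme": parsed.scheme.lower(),
        "host": parsed.netloc.lower(),
        "path": parsed.path,
    }
    for name in CHECKED_PARAMS:
        values = query.get(name, [])
        # A missing parameter, or one repeated with several values, is
        # recorded as None so the comparison below flags it.
        parts[name] = values[0] if len(values) == 1 else None
    return parts


def check_login_url(cli_url: str, browser_url: str, expected_host: str) -> list:
    """Return a list of discrepancies; an empty list means it is safe to proceed."""
    cli = parse_login_url(cli_url)
    browser = parse_login_url(browser_url)
    problems = []

    if cli["scheme"] != "https" or browser["scheme"] != "https":
        problems.append("login URL is not https")
    if cli["host"] != expected_host.lower():
        problems.append(
            f"CLI URL host {cli['host']!r} is not the expected server {expected_host!r}"
        )
    if browser["host"] != cli["host"]:
        problems.append(
            f"browser host {browser['host']!r} differs from CLI host {cli['host']!r}"
        )
    if browser["path"] != cli["path"]:
        problems.append(f"browser path {browser['path']!r} differs from CLI path")

    for name in CHECKED_PARAMS:
        if cli[name] is None:
            problems.append(f"CLI URL has no single {name} value")
        elif browser[name] != cli[name]:
            problems.append(f"{name} differs between CLI and browser URL")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the host, path and identifiers are placeholders.
    expected = "rancher.example.com"
    cli_printed = (
        "https://rancher.example.com/saml-login?requestId=req-1111&publicKey=KEY-A"
    )
    # Same URL opened in the browser: no discrepancies, login may proceed.
    print(check_login_url(cli_printed, cli_printed, expected))
    # A link that swaps in a different requestId and publicKey: refuse to log in.
    tampered = (
        "https://rancher.example.com/saml-login?requestId=req-9999&publicKey=KEY-B"
    )
    for problem in check_login_url(cli_printed, tampered, expected):
        print("DO NOT PROCEED:", problem)
```

The host check matters as much as the parameter check: a lookalike host with the correct requestId is still not the URL the CLI printed, and the comparison is deliberately case-insensitive on host and scheme but exact on the parameter values.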

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2024-58267
GHSA-V3VJ-5868-2CH2
GO-2025-3984
OPENSUSE-SU-2025:15666-1
SUSE-SU-2025:3799-1

Affected Products

Rancher Manager