Security: rancher/rancher
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Unauthenticated Denial of Service (GHSA-4h45-jpvh-6p5j), published Aug 28, 2025 by samjustus. Severity: High
- Users who can create Projects can gain access to arbitrary projects (GHSA-8h6m-wv39-239m), published Apr 25, 2025 by pdellamore. Severity: High
- Restricted Administrator can change Administrator's passwords (GHSA-8p83-cpfg-fj3g), published Mar 31, 2025 by pdellamore. Severity: Critical
- Improper Account Binding Validation in SAML Authentication Enables User Impersonation on First Login (GHSA-mq23-vvg7-xfm4), published Feb 27, 2025 by pdellamore. Severity: High
- Unauthenticated stack overflow in /v3-public/authproviders API (GHSA-xr9q-h9c7-xw8q), published Feb 27, 2025 by pdellamore. Severity: High
- SAML-based login via CLI can be denied by unauthenticated users (GHSA-5qmp-9x47-92q8), published Feb 27, 2025 by pdellamore. Severity: Moderate
- Stored XSS in Rancher UI (GHSA-2v2w-8v8c-wcm9), published Jan 14, 2025 by pdellamore. Severity: High
- Helm Applications may have sensitive values leaked (GHSA-9c5p-35gj-jqp4), published Nov 19, 2024 by pdellamore. Severity: Moderate
- Privilege escalation in Windows nodes due to Insecure Access Control Lists (GHSA-7h8m-pvw3-5gh4), published Oct 25, 2024 by samjustus. Severity: Critical
- Rancher Remote Code Execution via Cluster/Node Drivers (GHSA-h99m-6755-rgwc), published Oct 25, 2024 by samjustus. Severity: Critical