CVE-2024-58259
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).
| Software | From | Fixed in |
|---|---|---|
github.com/rancher/rancher
|
2.12.0 | 2.12.1 |
|
github.com/rancher/rancher
|
2.11.0 | 2.11.5 |
|
github.com/rancher/rancher
|
2.10.0 | 2.10.9 |
|
github.com/rancher/rancher
|
2.9.0 | 2.9.11 |
|
github.com/rancher/rancher
|
- | 0.0.0-20250813072957-aee95d4e2a41 |
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58259
- https://github.com/rancher/rancher/commit/aee95d4e2a41ba2df6f88c9634d4fe1f42dee4d9
- https://github.com/rancher/rancher/releases/tag/v2.10.9
- https://github.com/rancher/rancher/releases/tag/v2.11.5
- https://github.com/rancher/rancher/releases/tag/v2.12.1
- https://github.com/rancher/rancher/releases/tag/v2.9.11
- https://github.com/rancher/rancher/security/advisories/GHSA-4h45-jpvh-6p5j
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime