SUSE Rancher Flaws Allow Attackers to Lock Out Admin Accounts


A critical security vulnerability in SUSE Rancher Manager has been discovered that enables attackers with elevated privileges to lock out administrative accounts, potentially disrupting entire Kubernetes cluster management operations.

The flaw, tracked as CVE-2024-58260, carries a high severity rating with a CVSS score of 7.1.

Vulnerability Overview

The security issue stems from missing server-side validation on the username field within Rancher Manager.

This oversight allows users with update permissions on User resources to manipulate usernames in ways that can deny service access to targeted accounts, including the critical admin account.

Attribute          Details
CVE ID             CVE-2024-58260
Severity           High (CVSS 7.1)
CVSS Vector        CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
Patched Versions   2.12.2, 2.11.6, 2.10.10, 2.9.12

The vulnerability enables two primary attack vectors. In username takeover attacks, malicious users can set another user’s username to “admin,” preventing both the legitimate administrator and the affected user from logging in due to Rancher’s uniqueness enforcement at login time.

Additionally, account lockout attacks allow users with update permissions on admin accounts to change the administrator’s username, effectively blocking all administrative access to the Rancher UI.

These attack scenarios align with the MITRE ATT&CK framework’s Account Access Removal technique (T1531), where adversaries interrupt the availability of system and network resources by inhibiting access to accounts utilized by legitimate users.

The flaw specifically impacts organizations running affected Rancher Manager versions across multiple release branches.

The vulnerability requires high privileges to exploit, as attackers must already possess update permissions on User resources.

However, once exploited, the impact can be severe, completely disrupting platform administration and user authentication capabilities.

Organizations should immediately upgrade to patched versions: 2.12.2, 2.11.6, 2.10.10, or 2.9.12.

For environments where immediate patching isn’t feasible, administrators should strictly limit update permissions on user-related resources to only trusted users.
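One way to find which ClusterRoles carry the update permission that the interim mitigation above refers to. This is an added example, not code from the advisory or the Rancher project; it assumes Rancher Users are the `users` resource in the `management.cattle.io` API group and reads the JSON shape of `kubectl get clusterroles -o json`, with the role objects below constructed for the example.

```python
"""Audit Kubernetes ClusterRoles for the permission CVE-2024-58260 requires:
update (or patch, or a wildcard) on Rancher User resources.

Input is the JSON shape produced by `kubectl get clusterroles -o json`; the
sample objects below are constructed. Assumes Rancher Users live in the
management.cattle.io API group under the resource name "users"."""
import json

RANCHER_USER_GROUP = "management.cattle.io"
USER_RESOURCE = "users"
RISKY_VERBS = {"update", "patch", "*"}


def rule_grants_user_update(rule: dict) -> bool:
    """True if one RBAC rule lets its holder modify Rancher User objects."""
    groups = rule.get("apiGroups", [])
    resources = rule.get("resources", [])
    verbs = rule.get("verbs", [])
    group_hit = RANCHER_USER_GROUP in groups or "*" in groups
    resource_hit = USER_RESOURCE in resources or "*" in resources
    verb_hit = bool(RISKY_VERBS & set(verbs))
    return group_hit and resource_hit and verb_hit


def roles_granting_user_update(cluster_role_list: dict) -> list:
    """Return sorted names of ClusterRoles that allow update/patch on Users."""
    flagged = []
    for role in cluster_role_list.get("items", []):
        if any(rule_grants_user_update(r) for r in role.get("rules", [])):
            flagged.append(role["metadata"]["name"])
    return sorted(flagged)


# Constructed sample: three roles, two of which carry the risky grant.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "cluster-admin"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"metadata": {"name": "user-editor"},
  "rules": [{"apiGroups": ["management.cattle.io"], "resources": ["users"],
             "verbs": ["get", "list", "update"]}]},
 {"metadata": {"name": "user-viewer"},
  "rules": [{"apiGroups": ["management.cattle.io"], "resources": ["users"],
             "verbs": ["get", "list", "watch"]}]}
]}""")

if __name__ == "__main__":
    for name in roles_granting_user_update(SAMPLE):
        print(f"review bindings for ClusterRole/{name}: can modify Rancher Users")
```

The script lists roles, not who holds them; follow up each flagged role with its ClusterRoleBindings to confirm only trusted subjects are bound.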

The vulnerability disclosure was published by security researcher Samjustus through GitHub Security Advisory GHSA-q82v-h4rq-5c86, emphasizing the importance of proper input validation in enterprise container management platforms.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.