Vulnerability-Lookup

CVE-2025-23387 (GCVE-0-2025-23387)

Vulnerability from cvelistv5 – Published: 2025-04-11 10:52 – Updated: 2025-04-11 13:27

Title

Rancher's SAML-based login via CLI can be denied by unauthenticated users

Summary

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

suse

References

URL

Tags

	https://bugzilla.suse.com/show_bug.cgi?id=CVE-202…
	https://github.com/rancher/rancher/security/advis…

Impacted products

	Vendor	Product	Version
	SUSE	rancher	Affected: 2.8.0 , < 2.8.13 (semver) Affected: 2.9.0 , < 2.9.7 (semver) Affected: 2.10.0 , < 2.10.3 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23387",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T13:27:25.277408Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-11T13:27:36.050Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "github.com/rancher/rancher",
          "product": "rancher",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "2.8.13",
              "status": "affected",
              "version": "2.8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.9.7",
              "status": "affected",
              "version": "2.9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.10.3",
              "status": "affected",
              "version": "2.10.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-27T17:27:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.\u003cp\u003eThis issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.\u003c/p\u003e"
            }
          ],
          "value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-11T10:52:44.866Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23387"
        },
        {
          "url": "https://github.com/rancher/rancher/security/advisories/GHSA-5qmp-9x47-92q8"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Rancher\u0027s SAML-based login via CLI can be denied by unauthenticated users",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2025-23387",
    "datePublished": "2025-04-11T10:52:44.866Z",
    "dateReserved": "2025-01-15T12:39:03.324Z",
    "dateUpdated": "2025-04-11T13:27:36.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-23387\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-11T13:27:25.277408Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-11T13:27:29.784Z\"}}], \"cna\": {\"title\": \"Rancher\u0027s SAML-based login via CLI can be denied by unauthenticated users\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SUSE\", \"product\": \"rancher\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.8.0\", \"lessThan\": \"2.8.13\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.9.0\", \"lessThan\": \"2.9.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.10.0\", \"lessThan\": \"2.10.3\", \"versionType\": \"semver\"}], \"packageName\": \"github.com/rancher/rancher\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-02-27T17:27:00.000Z\", \"references\": [{\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23387\"}, {\"url\": \"https://github.com/rancher/rancher/security/advisories/GHSA-5qmp-9x47-92q8\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.\u003cp\u003eThis issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"404e59f5-483d-4b8a-8e7a-e67604dd8afb\", \"shortName\": \"suse\", \"dateUpdated\": \"2025-04-11T10:52:44.866Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-23387\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-11T13:27:36.050Z\", \"dateReserved\": \"2025-01-15T12:39:03.324Z\", \"assignerOrgId\": \"404e59f5-483d-4b8a-8e7a-e67604dd8afb\", \"datePublished\": \"2025-04-11T10:52:44.866Z\", \"assignerShortName\": \"suse\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-5QMP-9X47-92Q8

Vulnerability from github – Published: 2025-02-27 18:27 – Updated: 2025-05-27 18:32

Summary

Rancher's SAML-based login via CLI can be denied by unauthenticated users

Details

Impact

A vulnerability has been identified within Rancher where it is possible for an unauthenticated user to list all CLI authentication tokens and delete them before the CLI is able to get the token value. This effectively prevents users from logging in via the CLI when using rancher token as the execution command (instead of the token directly being in the kubeconfig).

Note that this token is not the kubeconfig token and if an attacker is able to intercept it they can't use it to impersonate a real user since it is encrypted.

This happens because for SAML-based authentication providers, the login flow from the CLI works by generating a link to be pasted in the browser, and then polling every 10 seconds for the /v3-public/authTokens/<token name> endpoint. The <token name> is randomly generated by the CLI. Once the login flow succeeds, Rancher creates an auth token (with an encrypted token value). The CLI then deletes the authToken.

Rancher deployments using only the local authentication provider, or non-SAML-based authentication providers, are not impacted by this vulnerability. SAML-based users not using the CLI are also not impacted.

Please consult the associated MITRE ATT&CK - Technique - Account Access Removal for further information about this category of attack.

Patches

The fix involves removing GET and DELETE methods for the authTokens collection.

Patched versions include releases v2.8.13, v2.9.7 and v2.10.3.

Workarounds

Users can refrain from using the Rancher CLI to log in as a workaround. Otherwise, users are advised to upgrade to a patched version of Rancher Manager.

References

If you have any questions or comments about this advisory: - Reach out to the SUSE Rancher Security team for security related inquiries. - Open an issue in the Rancher repository. - Verify with our support matrix and product support lifecycle.

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.10.0"
            },
            {
              "fixed": "2.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-23387"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-27T18:27:41Z",
    "nvd_published_at": "2025-04-11T11:15:42Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nA vulnerability has been identified within Rancher where it is possible for an unauthenticated user to list all CLI authentication tokens and delete them before the CLI is able to get the token value. This effectively prevents users from logging in via the CLI when using rancher token as the execution command (instead of the token directly being in the kubeconfig). \n\nNote that this token is not the kubeconfig token and if an attacker is able to intercept it they can\u0027t use it to impersonate a real user since it is encrypted.\n\nThis happens because for SAML-based authentication providers, the login flow from the CLI works by generating a link to be pasted in the browser, and then polling every 10 seconds for the `/v3-public/authTokens/\u003ctoken name\u003e` endpoint.  The `\u003ctoken name\u003e` is randomly generated by the CLI. Once the login flow succeeds, Rancher creates an auth token (with an encrypted token value). The CLI then deletes the authToken.\n\n\nRancher deployments using only the local authentication provider, or non-SAML-based authentication providers, are not impacted by this vulnerability. SAML-based users not using the CLI are also not impacted.\n\n\nPlease consult the associated  [MITRE ATT\u0026CK - Technique - Account Access Removal](https://attack.mitre.org/techniques/T1531/) for further information about this category of attack.\n\n### Patches\nThe fix involves removing GET and DELETE methods for the authTokens collection.\n\nPatched versions include releases `v2.8.13`, `v2.9.7` and `v2.10.3`.\n\n### Workarounds\nUsers can refrain from using the Rancher CLI to log in as a workaround. Otherwise, users are advised to upgrade to a patched version of Rancher Manager.\n\n### References\nIf you have any questions or comments about this advisory:\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
  "id": "GHSA-5qmp-9x47-92q8",
  "modified": "2025-05-27T18:32:38Z",
  "published": "2025-02-27T18:27:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/security/advisories/GHSA-5qmp-9x47-92q8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23387"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/pull/48616"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/pull/48998"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/pull/48999"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/pull/49000"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/commit/2481630c4a5a75d81eb69d10d7558ea833395a1e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/commit/bedd911b9b321436faa2d9e20a161f6ac396aa74"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/commit/ceeedb1aa67c319f4873615f19c3f56a66f39706"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/commit/dfa034d05a55b5e57990a1f700176dcd8e963dbc"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23387"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rancher/rancher"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/releases/tag/v2.10.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/releases/tag/v2.8.13"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/releases/tag/v2.9.7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rancher\u0027s SAML-based login via CLI can be denied by unauthenticated users"
}

CERTFR-2025-AVI-0563

Vulnerability from certfr_avis - Published: 2025-07-08 - Updated: 2025-07-08

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Splunk	Splunk Enterprise	Splunk Enterprise Cloud versions 9.3.2411.x antérieures à 9.3.2411.107
Splunk	SOAR	Splunk SOAR versions antérieures à 6.4.1
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.4.x antérieures à 9.4.3
Splunk	Universal Forwarder	Splunk Universal Forwarder versions 9.2.x antérieures à 9.2.7
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.3.x antérieures à 9.3.5
Splunk	Splunk DB Connect	Splunk DB Connect versions antérieures à 4.0.0
Splunk	Universal Forwarder	Splunk Universal Forwarder versions 9.3.x antérieures à 9.3.5
Splunk	Universal Forwarder	Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.3
Splunk	Splunk Enterprise	Splunk Enterprise Cloud versions 9.3.2408.x antérieures à 9.3.2408.117
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.1.x antérieures à 9.1.10
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.2.x antérieures à 9.2.7
Splunk	Splunk Enterprise	Splunk Enterprise Cloud versions 9.2.2406.x antérieures à 9.2.2406.121
Splunk	Universal Forwarder	Splunk Universal Forwarder versions 9.1.x antérieures à 9.1.10

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2025-0708	2025-07-07	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-0703	2025-07-07	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-0701	2025-07-07	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-0706	2025-07-07	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-0705	2025-07-07	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-0702	2025-07-07	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-0712	2025-07-07	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-0711	2025-07-07	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-0707	2025-07-07	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-0710	2025-07-07	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-0709	2025-07-07	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-0704	2025-07-07	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk Enterprise Cloud versions 9.3.2411.x ant\u00e9rieures \u00e0 9.3.2411.107",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk SOAR versions ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "SOAR",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.3",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Universal Forwarder versions 9.2.x ant\u00e9rieures \u00e0 9.2.7",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.5",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk DB Connect versions ant\u00e9rieures \u00e0 4.0.0",
      "product": {
        "name": "Splunk DB Connect",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Universal Forwarder versions 9.3.x ant\u00e9rieures \u00e0 9.3.5",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Universal Forwarder versions 9.4.x ant\u00e9rieures \u00e0 9.4.3",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise Cloud versions 9.3.2408.x ant\u00e9rieures \u00e0 9.3.2408.117",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.10",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.7",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise Cloud versions 9.2.2406.x ant\u00e9rieures \u00e0 9.2.2406.121",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Universal Forwarder versions 9.1.x ant\u00e9rieures \u00e0 9.1.10",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-9681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
    },
    {
      "name": "CVE-2022-30187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30187"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2024-2466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
    },
    {
      "name": "CVE-2025-27414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27414"
    },
    {
      "name": "CVE-2025-20324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20324"
    },
    {
      "name": "CVE-2025-23388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23388"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2025-20319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20319"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2023-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
    },
    {
      "name": "CVE-2020-28458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
    },
    {
      "name": "CVE-2025-20321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20321"
    },
    {
      "name": "CVE-2024-45338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
    },
    {
      "name": "CVE-2025-20325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20325"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2025-23387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23387"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2021-23445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
    },
    {
      "name": "CVE-2024-48949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
    },
    {
      "name": "CVE-2025-23389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23389"
    },
    {
      "name": "CVE-2024-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
    },
    {
      "name": "CVE-2022-35583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35583"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-52804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52804"
    },
    {
      "name": "CVE-2025-20300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20300"
    },
    {
      "name": "CVE-2024-45801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2025-20323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20323"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    },
    {
      "name": "CVE-2024-38999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
    },
    {
      "name": "CVE-2025-20320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20320"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2024-45230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45230"
    },
    {
      "name": "CVE-2024-49767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
    },
    {
      "name": "CVE-2024-47875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
    },
    {
      "name": "CVE-2025-20322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20322"
    },
    {
      "name": "CVE-2024-21272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21272"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2024-8096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2024-21090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21090"
    },
    {
      "name": "CVE-2013-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7489"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2024-52616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52616"
    },
    {
      "name": "CVE-2024-0853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0853"
    },
    {
      "name": "CVE-2025-22952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22952"
    },
    {
      "name": "CVE-2024-32002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    }
  ],
  "initial_release_date": "2025-07-08T00:00:00",
  "last_revision_date": "2025-07-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0563",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": "2025-07-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0708",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-0708"
    },
    {
      "published_at": "2025-07-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0703",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-0703"
    },
    {
      "published_at": "2025-07-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0701",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-0701"
    },
    {
      "published_at": "2025-07-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0706",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-0706"
    },
    {
      "published_at": "2025-07-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0705",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-0705"
    },
    {
      "published_at": "2025-07-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0702",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-0702"
    },
    {
      "published_at": "2025-07-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0712",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-0712"
    },
    {
      "published_at": "2025-07-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0711",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-0711"
    },
    {
      "published_at": "2025-07-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0707",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-0707"
    },
    {
      "published_at": "2025-07-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0710",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-0710"
    },
    {
      "published_at": "2025-07-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0709",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-0709"
    },
    {
      "published_at": "2025-07-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0704",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-0704"
    }
  ]
}

FKIE_CVE-2025-23387

Vulnerability from fkie_nvd - Published: 2025-04-11 11:15 - Updated: 2025-04-11 15:39

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

	URL	Tags
	meissner@suse.de	https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23387
	meissner@suse.de	https://github.com/rancher/rancher/security/advisories/GHSA-5qmp-9x47-92q8

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en SUSE Rancher permit\u00eda a usuarios no autenticados enumerar todos los tokens de autenticaci\u00f3n de la CLI y eliminarlos antes de que la CLI pueda obtener el valor del token. Este problema afecta a Rancher: desde la versi\u00f3n 2.8.0 hasta la 2.8.13, desde la versi\u00f3n 2.9.0 hasta la 2.9.7, desde la versi\u00f3n 2.10.0 hasta la 2.10.3."
    }
  ],
  "id": "CVE-2025-23387",
  "lastModified": "2025-04-11T15:39:52.920",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "meissner@suse.de",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-11T11:15:42.367",
  "references": [
    {
      "source": "meissner@suse.de",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23387"
    },
    {
      "source": "meissner@suse.de",
      "url": "https://github.com/rancher/rancher/security/advisories/GHSA-5qmp-9x47-92q8"
    }
  ],
  "sourceIdentifier": "meissner@suse.de",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "meissner@suse.de",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-23387 (GCVE-0-2025-23387)

GHSA-5QMP-9X47-92Q8

Impact

Patches

Workarounds

References

CERTFR-2025-AVI-0563

Solutions

FKIE_CVE-2025-23387

Tags

Sightings

Nomenclature