Description: Keymous+ Announces Operation Hack For Humanity V2
February 27th, 2025 (4 months ago)
Description: Windows 11 users can deploy a workaround or await the update rollout.
February 27th, 2025 (4 months ago)
Description: Joe has some advice for anyone experiencing self doubt or wondering about their next career move. Plus, catch up on the latest Talos research on scams targeting sellers, and the Lotus Blossom espionage group.
February 27th, 2025 (4 months ago)
Description: SECT0R16 Claims Full Access to FARMSCUBE
February 27th, 2025 (4 months ago)
CVE-2025-22624
Description: FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php.
CVSS: MEDIUM (6.4) EPSS Score: 0.06%
February 27th, 2025 (4 months ago)
CVE-2025-0767
Description: WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php.
CVSS: MEDIUM (6.3) EPSS Score: 0.06%
February 27th, 2025 (4 months ago)
CVE-2025-1751
Description: CVE-2025-1751: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
February 27th, 2025 (4 months ago)
Description: Impact
A vulnerability has been identified within Rancher where it is possible for an unauthenticated user to list all CLI authentication tokens and delete them before the CLI is able to get the token value. This effectively prevents users from logging in via the CLI when using rancher token as the execution command (instead of the token directly being in the kubeconfig).
Note that this token is not the kubeconfig token and if an attacker is able to intercept it they can't use it to impersonate a real user since it is encrypted.
This happens because for SAML-based authentication providers, the login flow from the CLI works by generating a link to be pasted in the browser, and then polling every 10 seconds for the /v3-public/authTokens/ endpoint. The is randomly generated by the CLI. Once the login flow succeeds, Rancher creates an auth token (with an encrypted token value). The CLI then deletes the authToken.
Rancher deployments using only the local authentication provider, or non-SAML-based authentication providers, are not impacted by this vulnerability. SAML-based users not using the CLI are also not impacted.
Please consult the associated MITRE ATT&CK - Technique - Account Access Removal for further information about this category of attack.
Patches
The fix involves removing GET and DELETE methods for the authTokens collection.
Patched versions include releases v2.8.13, v2.9.7 and v2.10.3.
Workarounds
Users can refrain from using the Rancher CLI to log in as a work...
February 27th, 2025 (4 months ago)
Description: Impact
An unauthenticated stack overflow crash, leading to a denial of service (DoS), was identified in Rancher’s /v3-public/authproviders public API endpoint. A malicious user could submit data to the API which would cause the Rancher server to crash, but no malicious or incorrect data would actually be written in the API. The downstream clusters, i.e., the clusters managed by Rancher, are not affected by this issue.
This vulnerability affects those using external authentication providers as well as Rancher’s local authentication.
Patches
The patch includes the removal of unnecessary HTTP methods of the specific API.
Patched versions include releases v2.8.13, v2.9.7 and v2.10.3.
Workarounds
There are no workarounds for this issue. Users are recommended to upgrade, as soon as possible, to a version of Rancher Manager that contains the fix.
References
If you have any questions or comments about this advisory:
Reach out to the SUSE Rancher Security team for security related inquiries.
Open an issue in the Rancher repository.
Verify with our support matrix and product support lifecycle.
References
https://github.com/rancher/rancher/security/advisories/GHSA-xr9q-h9c7-xw8q
https://github.com/advisories/GHSA-xr9q-h9c7-xw8q
February 27th, 2025 (4 months ago)
Description: Impact
A vulnerability in Rancher has been discovered, leading to a local user impersonation through SAML Authentication on first login.
The issue occurs when a SAML authentication provider (AP) is configured (e.g. Keycloak). A newly created AP user can impersonate any user on Rancher by manipulating cookie values during their initial login to Rancher. This vulnerability could also be exploited if a Rancher user (present on the AP) is removed, either manually or automatically via the User Retention feature with delete-inactive-user-after.
More precisely, Rancher validates only a subset of input from the SAML assertion request; however, it trusts and uses values that are not properly validated. An attacker could then configure the saml_Rancher_UserID cookie and the saml_Rancher_Action cookie so that the user principal from the AP will be added to the user specified by the attacker (from saml_Rancher_UserID). Rancher can then be deceived by setting saml_Rancher_UserID to the admin's user ID and saml_Rancher_Action to testAndEnable, thereby executing the vulnerable code path and leading to privilege escalation.
Note that the vulnerability impacts all SAML APs available in Rancher. However, the following Rancher deployments are not affected:
Rancher deployments not using SAML-based AP.
Rancher deployments using SAML-based AP, where all SAML users are already signed in and linked to a Rancher account.
Please consult the associated MITRE ATT&CK - Technique - Access Token Manipu...
February 27th, 2025 (4 months ago)