Home > Vulnerability Database > CVE-2024-22030

Mend.io Vulnerability Database

CVE-2024-22030

Good to know:

Date: October 16, 2024

A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL. The vulnerability is fixed in versions 2.7.15, 2.8.8 and 2.9.2

Language: Go

Severity Score

8.0

Related Resources (8)

Url: https://github.com/rancherlabs/support-tools/tree/master/windows-agent-strict-verify

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22030

Url: https://github.com/rancher/rancher/security/advisories/GHSA-h4h5-9833-v2p4

Url: https://github.com/rancher/rancher

Url: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22030

Url: https://pkg.go.dev/vuln/GO-2024-3161

Url: https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/installation-references/tls-settings

Url: https://www.mend.io/vulnerability-database/CVE-2024-22030

Severity Score

8.0

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Insufficient Verification of Data Authenticity

CWE-345

Top Fix

Upgrade Version

Upgrade to version github.com/rancher/rancher-v2.7.15,v2.8.8,v2.9.2

Learn More

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22030

Good to know:

Date: October 16, 2024

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?