CVE-2024-58259

A vulnerability has been identified within Rancher Manager in which it 
did not enforce request body size limits on certain public 
(unauthenticated) and authenticated API endpoints. This allows a 
malicious user to exploit this by sending excessively large payloads, 
which are fully loaded into memory during processing, leading toDenial of Service (DoS).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
suseCNA
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58259
https://github.com/rancher/rancher/security/advisories/GHSA-4h45-jpvh-6p5j