CVE-2024-58259

EUVD-2024-54940
A vulnerability has been identified within Rancher Manager in which it 
did not enforce request body size limits on certain public 
(unauthenticated) and authenticated API endpoints. This allows a 
malicious user to exploit this by sending excessively large payloads, 
which are fully loaded into memory during processing, leading to Denial of Service (DoS).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
suseCNA
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
suserancher
2.12.0 ≤
𝑥
< 2.12.1
CNA
suserancher
2.11.0 ≤
𝑥
< 2.11.5
CNA
suserancher
2.10.0 ≤
𝑥
< 2.10.9
CNA
suserancher
2.9.0 ≤
𝑥
< 2.9.11
CNA
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58259
https://github.com/rancher/rancher/security/advisories/GHSA-4h45-jpvh-6p5j