SUSE Rancher Vulnerabilities Let Attackers Lockout the Administrators Account

Posted on September 29, 2025 By CWS

A critical flaw in SUSE Rancher's user management module allows privileged users to disrupt administrative access by modifying the usernames of other accounts.

Tracked as CVE-2024-58260, this vulnerability affects Rancher Manager versions 2.9.0 through 2.12.1, enabling both username takeover and complete lockout of the admin account.

Organizations running affected versions are urged to upgrade immediately or apply mitigations to prevent unauthorized disruption of cluster administration.

Rancher RBAC Privilege Escalation

Rancher's RBAC system relies on usernames being unique at login time, but it fails to enforce immutability of this field after account creation.

An attacker with update permission on any user resource can send a crafted request that changes the username field of a target account.

When the admin account is targeted, the attacker's new, unique identifier takes precedence, and the original admin user can no longer authenticate.

Example exploit request using Rancher's API:

This payload renames the admin account, rendering the genuine administrator unable to log in. The flaw also permits arbitrary renaming of any user, leading to user takeover by assigning a high-privilege username to a malicious account.

Risk Factors           Details
Affected Products      Rancher Manager v2.9.0–v2.9.11, v2.10.0–v2.10.9, v2.11.0–v2.11.5, v2.12.0–v2.12.1
Impact                 Account lockout: prevents admin/UI login
Exploit Prerequisites  Valid Rancher account with update permission on the User API
CVSS 3.1 Score         7.6 (High)

Mitigations

SUSE Rancher has released patched versions that enforce server-side validation of the .username field.

Once set, usernames are immutable, preventing subsequent modification attempts. Affected versions and their patched counterparts are:

2.12.0–2.12.1 → 2.12.2

2.11.0–2.11.5 → 2.11.6

2.10.0–2.10.9 → 2.10.10

2.9.0–2.9.11 → 2.9.12

To upgrade, run:

For environments where immediate upgrading isn't possible, administrators should audit RBAC policies so that update permission on user resources is limited to fully trusted operators.

Additionally, enable detailed audit logging to detect and respond to suspicious PUT /v3/users API calls.

By addressing this high-severity issue, organizations protect the integrity of their Rancher UI and prevent a potential denial of service against critical administrative accounts.

Continuous monitoring of global RBAC settings and prompt adoption of security patches remain essential best practices for securing container management platforms.
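As an added example (not from the article or from SUSE), the following detector scans audit log lines for PUT/PATCH requests to /v3/users/<id> that change a user's username, and marks renames that reuse another account's existing username, which is the takeover pattern described above. The JSON field layout of the log lines and the sample entries are constructed for this example; the known-user snapshot stands in for the User objects as they were before the log window.

```python
import json
import re

# The endpoint named in the article: PUT /v3/users/<user-id>.
# PATCH is included because it can carry the same field change.
USER_ENDPOINT = re.compile(r"^/v3/users/([^/?]+)")


def username_changes(log_lines, known_users):
    """Flag audit entries that rewrite a Rancher user's username.
    known_users maps user id -> username before the log window (a snapshot of
    the User objects). Log lines are JSON objects with "timestamp", "user"
    (caller), "method", "requestURI", "requestBody": an assumed layout.
    """
    findings = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if entry.get("method") not in ("PUT", "PATCH"):
            continue
        match = USER_ENDPOINT.match(entry.get("requestURI", ""))
        if not match:
            continue
        target = match.group(1)
        new_name = (entry.get("requestBody") or {}).get("username")
        old_name = known_users.get(target)
        if new_name is None or new_name == old_name:
            continue  # update that leaves the username untouched
        # A rename that reuses another account's username is the takeover case.
        collides = next((uid for uid, name in known_users.items()
                         if name == new_name and uid != target), None)
        findings.append({"timestamp": entry.get("timestamp"),
                         "caller": entry.get("user"), "target_user_id": target,
                         "old_username": old_name, "new_username": new_name,
                         "collides_with": collides})
    return findings


# Constructed sample: a no-op update, two renames and one read (ignored).
SAMPLE_LOG = """
{"timestamp":"2025-09-29T10:00:01Z","user":"u-ops1","method":"PUT","requestURI":"/v3/users/u-ops1","requestBody":{"username":"ops1","description":"rotated"}}
{"timestamp":"2025-09-29T10:02:17Z","user":"u-ops1","method":"PUT","requestURI":"/v3/users/user-abc","requestBody":{"username":"admin-old"}}
{"timestamp":"2025-09-29T10:02:30Z","user":"u-ops1","method":"PUT","requestURI":"/v3/users/u-ops1","requestBody":{"username":"admin"}}
{"timestamp":"2025-09-29T10:03:00Z","user":"u-ops1","method":"GET","requestURI":"/v3/users/user-abc"}
"""
KNOWN_USERS = {"user-abc": "admin", "u-ops1": "ops1"}
```

Running `username_changes(SAMPLE_LOG.splitlines(), KNOWN_USERS)` yields two findings: the rename of user-abc away from "admin", then u-ops1 taking the "admin" name, with collides_with pointing at user-abc.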
