Upstream information
Description
A vulnerability has been identified in Rancher Manager, where sensitiveinformation, including secret data, cluster import URLs, and
registration tokens, is exposed to any entity with access to Rancher
audit logs.
Upstream Security Advisories:
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| CVSS detail | CNA (SUSE) |
|---|---|
| Base Score | 4.3 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | Low |
| Integrity Impact | None |
| Availability Impact | None |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- GHSA-mw39-9qc2-f7mg, published Fri Oct 24 02:59:04 CEST 2025
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2025-15710 |
SUSE Timeline for this CVE
CVE page created: Wed Oct 8 16:00:51 2025CVE page last modified: Wed Nov 19 19:24:21 2025