Insufficient Verification of Data Authenticity in github.com/rancher/cli

CVE-2024-58267

github.com/rancher/cli
gopkg.in/rancher/cli.v0
gopkg.in/rancher/cli.v1
gopkg.in/rancher/cli.v2

High

8/10

Summary

A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher's authentication tokens. This issue affects github.com/rancher/cli versions 2.9.x prior to 2.9.12-rc.1, 2.10.x prior to 2.10.10-rc.1, 2.11.x prior to 2.11.6-rc.1, and 2.12.x prior to 2.12.2-rc.1.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-345 - Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

Advisory Timeline

Published Oct 02, 2025

Insufficient Verification of Data Authenticity in github.com/rancher/cli

CVE-2024-58267

Summary

CWE-345 - Insufficient Verification of Data Authenticity

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS