CNNVD-202510-359 Information

CNNVD ID

CNNVD-202510-359

Related CVE

CVE-2025-54468

• CNNVD Published: 2025-10-02

Description (Chinese)

Rancher是美国Rancher开源的一个开源容器管理平台，专为在生产环境中部署容器的组织而构建。 Rancher存在信息泄露漏洞，该漏洞源于Impersonate-Extra-标头通过meta/proxy端点发送至外部实体，可能导致敏感信息泄露。

Description (English)

Rancher, an open-source container management platform at Rancher Open Source, United States, was built specifically for the organization that deployed containers in the production environment. Rancher has a leaky information loophole that originates from the Impersonate-Extra-head sent to an external entity via the meta/proxy endpoint, which may lead to the disclosure of sensitive information.

Hazard Level

High

Vulnerability Type

信息泄露

Affected Vendor

Rancher

Published

2025-10-02

Last Modified

2026-02-24

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54468 https://github.com/rancher/rancher/security/advisories/GHSA-mjcp-rj3c-36fr

Patch

https://www.rancher.com/