Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-67601

8.3 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 month, 4 weeks ago Activity log

Created suggestion 1 month, 4 weeks ago

Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

References

Affected products

github.com/rancher/rancher

<0.0.0-20260129092249-bb0625fd1896
<2.12.6
<2.11.10
<2.13.2
<2.10.11

Matching in nixpkgs

pkgs.rancher

Rancher Command Line Interface (CLI) is a unified tool for interacting with your Rancher Server

nixos-unstable 2.13.2
- nixpkgs-unstable 2.13.2
- nixos-unstable-small 2.13.2
nixos-25.11 2.12.3
- nixos-25.11-small 2.12.3
- nixpkgs-25.11-darwin 2.12.3

pkgs.terraform-providers.rancher2

None

nixos-unstable rancher2-13.1.4
- nixpkgs-unstable rancher2-13.1.4
- nixos-unstable-small rancher2-13.1.4
nixos-25.11 rancher2-8.3.1
- nixos-25.11-small rancher2-8.3.1
- nixpkgs-25.11-darwin rancher2-8.3.1

pkgs.terraform-providers.rancher_rancher2

None

nixos-unstable rancher2-13.1.4
- nixpkgs-unstable rancher2-13.1.4
- nixos-unstable-small rancher2-13.1.4
nixos-25.11 rancher2-8.3.1
- nixos-25.11-small rancher2-8.3.1
- nixpkgs-25.11-darwin rancher2-8.3.1

Package maintainers

@bryanasdev000 Bryan Albuquerque <bryanasdev000@gmail.com>