Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: terraform-providers.rancher2

Found 3 matching suggestions

View:
Compact
Detailed
Permalink CVE-2025-62879
6.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month, 3 weeks ago Activity log
  • Created suggestion 1 month, 3 weeks ago
Rancher Backup Operator pod's logs leak S3 tokens

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.

Affected products

github.com/rancher/backup-restore-operator
  • <6.0.3
  • <9.0.1
  • <7.0.5
  • <8.1.2

Matching in nixpkgs

pkgs.rancher

Rancher Command Line Interface (CLI) is a unified tool for interacting with your Rancher Server

Package maintainers

Permalink CVE-2025-62878
9.9 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 4 weeks ago Activity log
  • Created suggestion 1 month, 4 weeks ago
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.

Affected products

github.com/rancher/local-path-provisioner
  • <0.0.34

Matching in nixpkgs

pkgs.rancher

Rancher Command Line Interface (CLI) is a unified tool for interacting with your Rancher Server

Package maintainers

Permalink CVE-2025-67601
8.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 4 weeks ago Activity log
  • Created suggestion 1 month, 4 weeks ago
Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.

Affected products

github.com/rancher/rancher
  • <0.0.0-20260129092249-bb0625fd1896
  • <2.12.6
  • <2.11.10
  • <2.13.2
  • <2.10.11

Matching in nixpkgs

pkgs.rancher

Rancher Command Line Interface (CLI) is a unified tool for interacting with your Rancher Server

Package maintainers