data/reports/GO-2025-3982.yaml - vulndb - Git at Google

 id: GO-2025-3982
 modules:
     - module: github.com/rancher/rancher
       non_go_versions:
         - introduced: 2.9.0
         - fixed: 2.9.12
         - introduced: 2.10.0
         - fixed: 2.10.10
         - introduced: 2.11.0
         - fixed: 2.11.6
         - introduced: 2.12.0
         - fixed: 2.12.2
       vulnerable_at: 1.6.30
 summary: |-
     Rancher sends sensitive information to external services through the
     `/meta/proxy` endpoint in github.com/rancher/rancher
 cves:
     - CVE-2025-54468
 ghsas:
     - GHSA-mjcp-rj3c-36fr
 references:
     - advisory: https://github.com/rancher/rancher/security/advisories/GHSA-mjcp-rj3c-36fr
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-54468
     - web: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54468
 source:
     id: GHSA-mjcp-rj3c-36fr
     created: 2025-10-13T10:01:26.67703423Z
 review_status: UNREVIEWED
	id: GO-2025-3982
	modules:
	- module: github.com/rancher/rancher
	non_go_versions:
	- introduced: 2.9.0
	- fixed: 2.9.12
	- introduced: 2.10.0
	- fixed: 2.10.10
	- introduced: 2.11.0
	- fixed: 2.11.6
	- introduced: 2.12.0
	- fixed: 2.12.2
	vulnerable_at: 1.6.30
	summary: \|-
	Rancher sends sensitive information to external services through the
	`/meta/proxy` endpoint in github.com/rancher/rancher
	cves:
	- CVE-2025-54468
	ghsas:
	- GHSA-mjcp-rj3c-36fr
	references:
	- advisory: https://github.com/rancher/rancher/security/advisories/GHSA-mjcp-rj3c-36fr
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-54468
	- web: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54468
	source:
	id: GHSA-mjcp-rj3c-36fr
	created: 2025-10-13T10:01:26.67703423Z
	review_status: UNREVIEWED