A vulnerability has been identified in which unauthenticated cross-site
scripting (XSS) in the API Server's public API endpoint can be
exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser
scripting (XSS) in the API Server's public API endpoint can be
exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser
Metrics
Affected Vendors & Products
References
History
Sat, 12 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Wed, 16 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Kubernetes
Kubernetes apiserver |
|
CPEs | cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:* | |
Vendors & Products |
Kubernetes
Kubernetes apiserver |
|
Metrics |
ssvc
|
Wed, 16 Oct 2024 12:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser | |
Title | Rancher API Server Cross-site Scripting Vulnerability | |
Weaknesses | CWE-80 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: suse
Published:
Updated: 2024-10-16T17:25:48.514Z
Reserved: 2023-05-04T08:30:59.322Z
Link: CVE-2023-32192

Updated: 2024-10-16T16:25:36.703Z

Status : Awaiting Analysis
Published: 2024-10-16T13:15:12.297
Modified: 2024-10-16T16:38:14.557
Link: CVE-2023-32192

No data.

No data.