CVE-2024-58269: 
vulnerability analysis and mitigation

A vulnerability has been identified in Rancher Manager (CVE-2024-58269) where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs. The vulnerability affects versions >=2.9.0, >=2.10.0, >=2.11.0, and >=2.12.0 to <2.12.3 of the Rancher platform. The issue was disclosed and patched in October 2025 with the release of version 2.12.3 (Rancher Advisory).

The vulnerability manifests in two distinct ways: 1) Secret Annotation Leakage occurs when creating Kubernetes Secrets using the stringData field, where the cleartext value is embedded in the kubectl.kubernetes.io/last-applied-configuration annotation and included in audit logs, and 2) Cluster Registration Token Leakage during downstream cluster operations, where full cluster registration manifests and non-expiring tokens are recorded in audit logs. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (Rancher Advisory).

An attacker with access to Rancher audit logs could recover plaintext secret values from annotations, use cluster registration tokens or import URLs to re-enroll agents, and potentially compromise downstream clusters. The exposure enables unauthorized access to clusters that rely on these tokens for authentication, facilitating lateral movement within the infrastructure (Rancher Advisory).

The vulnerability has been patched in Rancher version 2.12.3 by applying redaction to sensitive information. For deployments that cannot be upgraded immediately, users can implement AuditPolicies to redact and filter sensitive requests. A recommended AuditPolicy configuration has been provided to specifically redact secrets. Additionally, organizations should restrict access to Rancher's logs to trusted users only (Rancher Advisory).