A SAML authentication replay vulnerability in Rancher's Assertion
Consumer Service (ACS) handler did not enforce
one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,
Metrics
Affected Vendors & Products
References
History
Tue, 30 Jun 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Suse
Suse rancher |
|
| Vendors & Products |
Suse
Suse rancher |
Tue, 30 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 30 Jun 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3, | |
| Title | SAML Authentication Replay in Rancher | |
| Weaknesses | CWE-294 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: suse
Published: 2026-06-30T12:14:54.269Z
Updated: 2026-07-01T03:55:46.881Z
Reserved: 2026-05-08T12:29:48.969Z
Link: CVE-2026-44946
Updated: 2026-06-30T13:44:21.786Z
No data.
No data.