Rancher 2.7-2.9 PrivEsc via node driver chroot escape CVE-2024-22036
CVE-2024-22036 Published on April 16, 2025
Rancher Remote Code Execution via Cluster/Node Drivers
A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot
jail and gain root access to the Rancher container itself. In
production environments, further privilege escalation is possible based
on living off the land within the Rancher container itself. For the test
and development environments, based on a privileged Docker container,
it is possible to escape the Docker container and gain execution access
on the host system.
This issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3.
Vulnerability Analysis
CVE-2024-22036 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2024-22036
stack.watch emails you whenever new vulnerabilities are published in Rancher or Suse Rancher. Just hit a watch button to start following.
Affected Versions
SUSE rancher:- Version 2.7.0 and below 2.7.16 is affected.
- Version 2.8.0 and below 2.8.9 is affected.
- Version 2.9.0 and below 2.9.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.