Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0ycDRnLWpybXgtcjM0bc4AAg9c
Rancher Login Parameter Can Be Edited
A vulnerability exists in Rancher 2.1.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.
PoC
- Access the following endpoint on any Rancher instance up to 2.1.4:
https://RANCHER:PORT/login?errorMsg=%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6f%77%61%73%70%2e%6f%72%67%2f%69%6e%64%65%78%2e%70%68%70%2f%57%65%62%5f%50%61%72%61%6d%65%74%65%72%5f%54%61%6d%70%65%72%69%6e%67
It will display a link to OWASP Wiki explaining Web Parameter Tampering.
Permalink: https://github.com/advisories/GHSA-2p4g-jrmx-r34mJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ycDRnLWpybXgtcjM0bc4AAg9c
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 10 days ago
CVSS Score: 4.7
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Identifiers: GHSA-2p4g-jrmx-r34m, CVE-2019-11881
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-11881
- https://github.com/rancher/rancher/issues/20216
- https://github.com/MauroEldritch/VanCleef
- https://github.com/advisories/GHSA-2p4g-jrmx-r34m
Blast Radius: 7.5
Affected Packages
go:github.com/rancher/rancher
Dependent packages: 30Dependent repositories: 40
Downloads:
Affected Version Ranges: <= 2.1.4
No known fixed version
All affected versions: 0.4.0, 0.4.2, 0.4.3, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.9.1, 0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 0.14.1, 0.14.2, 0.15.0, 0.15.1, 0.16.0, 0.16.1, 0.16.2, 0.16.3, 0.17.0, 0.17.1, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.19.1, 0.19.2, 0.20.0, 0.20.1, 0.20.2, 0.20.3, 0.20.4, 0.21.0, 0.21.1, 0.21.2, 0.21.3, 0.21.4, 0.24.0, 0.25.0, 0.28.0, 0.30.0, 0.31.0, 0.32.0, 0.34.0, 0.35.0, 0.37.0, 0.37.1, 0.38.0, 0.38.1, 0.39.0, 0.40.0, 0.41.0, 0.42.0, 0.43.0, 0.43.1, 0.44.0, 0.46.0, 0.47.0, 0.49.0, 0.49.1, 0.50.0, 0.50.1, 0.50.2, 0.51.0, 0.56.0, 0.56.1, 0.59.0, 0.59.1, 0.63.0, 0.63.1, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15, 1.6.16, 1.6.17, 1.6.18, 1.6.19, 1.6.20, 1.6.21, 1.6.22, 1.6.23, 1.6.24, 1.6.25, 1.6.26, 1.6.27, 1.6.28, 1.6.29, 1.6.30, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4