4.7

CVE-2019-11881

Exploit

EPSS 5.54%
Veröffentlicht 10.06.2019 20:29:01
Zuletzt bearbeitet 04.12.2024 15:15:07
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Suse ≫ Rancher Version2.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.54%	0.899

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

https://github.com/MauroEldritch/VanCleef

Third Party Advisory

https://github.com/rancher/rancher/blob/v2.2.4/pkg/auth/providers/saml/saml_client.go#L282

https://github.com/rancher/rancher/commit/e59adbc7565251919d84d6e353421104be8da06e

https://github.com/rancher/rancher/issues/20216

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2019-11881

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11881

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11881

EUVD