4.7

CVE-2019-11881

Exploit

EPSS 5.54%
Published 10.06.2019 20:29:01
Last modified 04.12.2024 15:15:07
Source cve@mitre.org
Teams watchlist Login
Open Login

A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.

Affected products Warnungen 0 Metrics 3 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Suse ≫ Rancher Version2.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.54%	0.899

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.7	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

https://github.com/MauroEldritch/VanCleef

Third Party Advisory

https://github.com/rancher/rancher/blob/v2.2.4/pkg/auth/providers/saml/saml_client.go#L282

https://github.com/rancher/rancher/commit/e59adbc7565251919d84d6e353421104be8da06e

https://github.com/rancher/rancher/issues/20216

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2019-11881

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11881

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11881

EUVD