CVE-2019-11881

Published: Jun 10, 2019

Modified: Dec 4, 2024

PUBLISHED

Description

A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/MauroEldritch/VanCleef

https://github.com/rancher/rancher/issues/20216

https://github.com/rancher/rancher/commit/e59adbc7565251919d84d6e353421104be8da06e

https://github.com/rancher/rancher/blob/v2.2.4/pkg/auth/providers/saml/saml_client.go#L282

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-11881

Description

Affected Products

References