MEDIUM 6.1
GHSA-6m8r-jh89-rq7h
Rancher Cross-site Scripting Vulnerability
Details
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6.
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/rancher/rancher
Introduced in:
2.5.0 Fixed in: 2.5.6 Fix
go get github.com/rancher/rancher@v2.5.6 Go / github.com/rancher/rancher
Introduced in:
2.4.0 Fixed in: 2.4.14 Fix
go get github.com/rancher/rancher@v2.4.14 Go / github.com/rancher/rancher
Introduced in:
0 Fixed in: 2.3.11 Fix
go get github.com/rancher/rancher@v2.3.11 References
- https://nvd.nist.gov/vuln/detail/CVE-2021-25313 [ADVISORY]
- https://github.com/rancher/rancher/issues/31583 [WEB]
- https://bugzilla.suse.com/show_bug.cgi?id=1181852 [WEB]
- https://github.com/rancher/rancher/releases/tag/v2.3.11 [WEB]
- https://github.com/rancher/rancher/releases/tag/v2.4.14 [WEB]
- https://github.com/rancher/rancher/releases/tag/v2.5.6 [WEB]