HIGH 8.7
GHSA-xhg2-rvm8-w2jh
Rancher Vulnerable to Cross-site Request Forgery (CSRF)
Details
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim.
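Cross-Site WebSocket Hijacking is possible when a server accepts a WebSocket handshake on the strength of the session cookie alone, since the browser sends that cookie even when the handshake is started by a third-party page. The Go sketch below is an added example of the usual defence, an Origin check on the handshake; it is not Rancher's code or its actual fix, and the host rancher.example.test, the /ws path, the cookie value and all function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// sameOrigin reports whether the Origin header names the host the request was sent to.
// A missing, "null" or malformed Origin parses to an empty host and is refused.
func sameOrigin(r *http.Request) bool {
	u, err := url.Parse(r.Header.Get("Origin"))
	if err != nil || u.Host == "" {
		return false
	}
	return strings.EqualFold(u.Host, r.Host)
}

// guardUpgrade rejects cross-origin WebSocket handshakes before next runs.
func guardUpgrade(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strings.EqualFold(r.Header.Get("Upgrade"), "websocket") && !sameOrigin(r) {
			http.Error(w, "cross-origin websocket handshake refused", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// handshakeStatus sends a constructed handshake through the guard and returns the status.
func handshakeStatus(origin string) int {
	// Empty stand-in for the handler that would perform the upgrade; it answers 200.
	h := guardUpgrade(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	req := httptest.NewRequest(http.MethodGet, "https://rancher.example.test/ws", nil)
	req.Header.Set("Upgrade", "websocket")
	req.Header.Set("Cookie", "session=constructed") // sent by the browser whatever the origin
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(handshakeStatus("https://rancher.example.test"), handshakeStatus("https://third-party.example"))
}
```

Non-browser clients do not send an Origin header, so a deployment that serves them over WebSocket needs a separate, non-cookie authentication path for those handshakes.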
Affected packages

Go / github.com/rancher/rancher
First affected version: 2.0.0
Fixed version: 2.0.16
Fix: go get github.com/rancher/rancher@v2.0.16

Go / github.com/rancher/rancher
First affected version: 2.1.0
Fixed version: 2.1.11
Fix: go get github.com/rancher/rancher@v2.1.11

Go / github.com/rancher/rancher
First affected version: 2.2.0
Fixed version: 2.2.5
Fix: go get github.com/rancher/rancher@v2.2.5