Vulnerability Details : CVE-2019-11881
Potential exploit
A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.
Products affected by CVE-2019-11881
- cpe:2.3:a:suse:rancher:2.1.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11881
5.54%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11881
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
|
4.7
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
2.8
|
1.4
|
NIST |
References for CVE-2019-11881
-
https://github.com/rancher/rancher/issues/20216
Web Parameter Tampering on /login?errorMsg · Issue #20216 · rancher/rancher · GitHubExploit;Issue Tracking;Third Party Advisory
-
https://github.com/rancher/rancher/commit/e59adbc7565251919d84d6e353421104be8da06e
Send translation key as error message · rancher/rancher@e59adbc · GitHub
-
https://github.com/MauroEldritch/VanCleef
GitHub - MauroEldritch/VanCleef: Exploit for CVE-2019-11881 (Rancher 2.1.4 Web Parameter Tampering)Third Party Advisory
-
https://github.com/rancher/rancher/blob/v2.2.4/pkg/auth/providers/saml/saml_client.go#L282
rancher/pkg/auth/providers/saml/saml_client.go at v2.2.4 · rancher/rancher · GitHub
Jump to