CVE-2019-11881

 

Severity Score: 4.7 (CVSS v3)

Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

A vulnerability exists in Rancher 2.1.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: None
  • Integrity: Low
  • Availability: None

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2019-05-10 CVE Reserved
  • 2019-06-10 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-10-31 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
Affected Vendors, Products, and Versions
  • Vendor: Suse
  • Product: Rancher
  • Version: 2.1.4
  • Other: -
  • Status: Affected