cbcvebase.
CVE-2019-11881
published 2019-06-10


Priority: P4 · 24 · medium · 4.7 (CVSS 3.0)
CVSS 3.0 vector: AV:N / AC:L / PR:N / UI:R / S:C / C:N / I:L / A:N
EPSS: 2.26% (80.8th percentile)
A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.

Affected (2 ranges)

Vendor        Product            Version range    Fixed in
github.com    rancher_rancher    0 – 2.1.4
suse          rancher

CVSS provenance

Source    Version    Score    Severity    Vector
nvd       v3.0       4.7      MEDIUM      CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
nvd       v2.0       4.3      MEDIUM      AV:N/AC:M/Au:N/C:N/I:P/A:N