CVE-2019-11881
published 2019-06-10CVE-2019-11881: A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering…
PriorityP424medium4.7CVSS 3.0
AVNACLPRNUIRSCCNILAN
EPSS
2.26%
80.8th percentile
A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | 0 – 2.1.4 | — |
| suse | rancher | — | — |
CVSS provenance
nvdv3.04.7MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Rancher Login Parameter Can Be Edited in github.com/rancher/rancher
osv·2024-06-05
CVE-2019-11881 Rancher Login Parameter Can Be Edited in github.com/rancher/rancher
Rancher Login Parameter Can Be Edited in github.com/rancher/rancher
Rancher Login Parameter Can Be Edited in github.com/rancher/rancher
OSV
Rancher Login Parameter Can Be Edited
osv·2022-05-24
CVE-2019-11881 [MEDIUM] Rancher Login Parameter Can Be Edited
Rancher Login Parameter Can Be Edited
A vulnerability exists in Rancher 2.1.4 in the login component, where the `errorMsg` parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.
**PoC**
1. Access the following endpoint on any Rancher instance up to 2.1.4: `https://RANCHER:PORT/login?errorMsg=%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6f%77%61%73%70%2e%6f%72%67%2f%69%6e%64%65%78%2e%70%68%70%2f%57%65%62%5f%50%61%72%61%6d%65%74%65%72%5f%54%61%6d%70%65%72%69%6e%67`
It will display a [link
GHSA
Rancher Login Parameter Can Be Edited
ghsa·2022-05-24
CVE-2019-11881 [MEDIUM] Rancher Login Parameter Can Be Edited
Rancher Login Parameter Can Be Edited
A vulnerability exists in Rancher 2.1.4 in the login component, where the `errorMsg` parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.
**PoC**
1. Access the following endpoint on any Rancher instance up to 2.1.4: `https://RANCHER:PORT/login?errorMsg=%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6f%77%61%73%70%2e%6f%72%67%2f%69%6e%64%65%78%2e%70%68%70%2f%57%65%62%5f%50%61%72%61%6d%65%74%65%72%5f%54%61%6d%70%65%72%69%6e%67`
It will display a [link
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/MauroEldritch/VanCleefhttps://github.com/rancher/rancher/blob/v2.2.4/pkg/auth/providers/saml/saml_client.go#L282https://github.com/rancher/rancher/commit/e59adbc7565251919d84d6e353421104be8da06ehttps://github.com/rancher/rancher/issues/20216https://github.com/MauroEldritch/VanCleefhttps://github.com/rancher/rancher/issues/20216
2019-06-10
Published