Vulnerability Report: GO-2022-0755
- CVE-2019-13209, GHSA-xhg2-rvm8-w2jh
- Affects: github.com/rancher/rancher
- Published: May 18, 2021
- Modified: May 20, 2024
Rancher 2 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher.
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-xhg2-rvm8-w2jh.
Affected Packages
-
PathGo VersionsSymbols
-
before v2.2.5-rc6.0.20190621200032-0ddffe484adc+incompatible
-
before v2.2.5-rc6.0.20190621200032-0ddffe484adc+incompatible
Aliases
References
- https://github.com/advisories/GHSA-xhg2-rvm8-w2jh
- https://github.com/rancher/rancher/commit/0ddffe484adccb9e37d9432e8e625d8ebbfb0088
- https://forums.rancher.com/t/rancher-release-v2-2-5-addresses-rancher-cve-2019-13209/14801
- https://vuln.go.dev/ID/GO-2022-0755.json
Credits
- Matt Belisle, Alex Stevenson at Workiva
Feedback
See anything missing or incorrect?
Suggest an edit to this report.