GHSA-2p4g-jrmx-r34m

Source
https://github.com/advisories/GHSA-2p4g-jrmx-r34m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2p4g-jrmx-r34m/GHSA-2p4g-jrmx-r34m.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2p4g-jrmx-r34m
Aliases
Published
2022-05-24T16:47:41Z
Modified
2024-12-04T16:23:15Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Summary
Rancher Login Parameter Can Be Edited
Details

A vulnerability exists in the login component of Rancher 2.1.4, where the errorMsg parameter can be tampered with to display arbitrary content: HTML tags are filtered, but special characters and symbols are not. There is no other limitation on the message, which allows malicious users to lure legitimate users to phishing sites with scare tactics, e.g. by displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.

PoC

1. Access the following endpoint on any Rancher instance up to 2.1.4: https://RANCHER:PORT/login?errorMsg=%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6f%77%61%73%70%2e%6f%72%67%2f%69%6e%64%65%78%2e%70%68%70%2f%57%65%62%5f%50%61%72%61%6d%65%74%65%72%5f%54%61%6d%70%65%72%69%6e%67

It will display a link to OWASP Wiki explaining Web Parameter Tampering.
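The root cause described above is that the login page renders free text taken from a request parameter, so tag filtering alone cannot stop a phishing message that is plain text plus a URL. The usual mitigation is to never reflect the parameter at all: the request may only select an error code, and the displayed text comes from a server-side allow-list. The following Go snippet is an added illustration of that pattern; it is not Rancher's code, and the parameter name errorCode, the message table and the handler names are assumptions made for the example.

```go
package main

import (
	"fmt"
	"html"
	"log"
	"net/http"
	"net/url"
)

// loginMessages is the server-side allow-list (constructed for this example).
// The query string may only pick one of these keys; the displayed text itself
// never originates from the request.
var loginMessages = map[string]string{
	"invalid_credentials": "Invalid username or password.",
	"session_expired":     "Your session has expired. Please sign in again.",
	"account_locked":      "This account is locked. Contact your administrator.",
}

// defaultLoginMessage is shown whenever the selector is missing or unknown.
const defaultLoginMessage = "Login failed."

// LoginMessageFor resolves a request-supplied error code to a fixed message.
// Unknown or free-text values (for instance a string carrying a URL) fall
// back to the generic message, so nothing attacker-controlled is displayed.
// The second return value reports whether the code was recognised.
func LoginMessageFor(code string) (string, bool) {
	if m, ok := loginMessages[code]; ok {
		return m, true
	}
	return defaultLoginMessage, false
}

// LoginErrorFromQuery extracts the error selector from a raw query string.
// Only the hypothetical "errorCode" parameter is consulted; a legacy
// "errorMsg" value is ignored rather than reflected.
func LoginErrorFromQuery(rawQuery string) (string, bool) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return defaultLoginMessage, false
	}
	return LoginMessageFor(q.Get("errorCode"))
}

// loginHandler renders the login error block. html.EscapeString is defence in
// depth only: msg is already one of the fixed strings above.
func loginHandler(w http.ResponseWriter, r *http.Request) {
	msg, _ := LoginErrorFromQuery(r.URL.RawQuery)
	fmt.Fprintf(w, "<p class=\"error\">%s</p>", html.EscapeString(msg))
}

func main() {
	http.HandleFunc("/login", loginHandler)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

With this design, a request such as /login?errorMsg=... (the tampered form in the PoC) produces only "Login failed.", and the set of strings a user can ever be shown is fixed at build time, which is also what makes the behaviour straightforward to test.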

Database specific
{
    "nvd_published_at": "2019-06-10T20:29:00Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T21:39:43Z"
}
References

Affected packages

Go / github.com/rancher/rancher

Package

Name
github.com/rancher/rancher
Purl
pkg:golang/github.com/rancher/rancher

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Last affected
2.1.4