Rancher 2 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher.
{ "url": "https://pkg.go.dev/vuln/GO-2022-0755", "review_status": "REVIEWED" }
{ "imports": [ { "symbols": [ "Start" ], "path": "github.com/rancher/rancher/server" }, { "symbols": [ "Router.ServeHTTP" ], "path": "github.com/rancher/rancher/pkg/clusterrouter" } ] }