Rancher 2 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-0755" }
{ "imports": [ { "path": "github.com/rancher/rancher/server", "symbols": [ "Start" ] }, { "path": "github.com/rancher/rancher/pkg/clusterrouter", "symbols": [ "Router.ServeHTTP" ] } ] }