Rancher < 2.2.4 Web Parameter Tampering

medium Nessus Plugin ID 125879

Synopsis

A Docker container of Rancher installed on the remote host is missing a security patch.

Description

The version of a Docker container of Rancher is < 2.2.4 and, thus, is affected by web parameter tampering vulnerability.
A vulnerability exists in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a 'This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading)' message.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 2.2.4 or later.

See Also

http://www.nessus.org/u?c7c2e216

Plugin Details

Severity: Medium

ID: 125879

File Name: rancher_2_1_4.nasl

Version: 1.4

Type: combined

Family: Misc.

Published: 6/14/2019

Updated: 5/16/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2019-11881

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: x-cpe:/a:rancher_labs:rancher

Required KB Items: Settings/ParanoidReport, installed_sw/Rancher

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/5/2019

Vulnerability Publication Date: 5/14/2019

Reference Information

CVE: CVE-2019-11881