A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.
History

Wed, 04 Dec 2024 14:30:00 +0000

Type Values Removed Values Added
Description A vulnerability exists in Rancher 2.1.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message. A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-10T19:35:43

Updated: 2024-12-04T14:17:22.229317

Reserved: 2019-05-10T00:00:00

Link: CVE-2019-11881

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-06-10T20:29:01.090

Modified: 2024-12-04T15:15:07.187

Link: CVE-2019-11881

cve-icon Redhat

No data.