CVE-2019-13209
Last modified
CVE-2019-13209 is a vulnerability of currently unknown severity. Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. EPSS estimates a 1.10% chance of exploitation in the next 30 days.
Description
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Suse | Rancher | >= 2.0.0, <= 2.2.4 |
References
- https://forums.rancher.com/c/announcementsRelease Notes, Vendor Advisory
- https://forums.rancher.com/t/rancher-release-v2-2-5-addresses-rancher-cve-2019-13209/14801Release Notes, Vendor Advisory
- https://forums.rancher.com/c/announcementsRelease Notes, Vendor Advisory
- https://forums.rancher.com/t/rancher-release-v2-2-5-addresses-rancher-cve-2019-13209/14801Release Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-13209?
How severe is CVE-2019-13209?
How do I fix CVE-2019-13209?
Are you affected by CVE-2019-13209?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST