Rancher: XSS on /v3/cluster/
CVE-2021-25313

7.1HIGH

Key Information:

Vendor

Suse
Status
Rancher
Vendor
CVE Published:
5 March 2021

What is CVE-2021-25313?

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Rancher Rancher < 2.5.6

References

https://bugzilla.suse.com/show_bug.cgi?id=1181852
x_refsource_CONFIRM
https://github.com/rancher/rancher/issues/31583
x_refsource_CONFIRM
https://github.com/rancher/rancher/releases/tag/v2.5.6
x_refsource_CONFIRM

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.