CVE-2019-13209

HIGH8.7EPSS 0.24%

Cross-site request forgery in github.com/rancher/rancher

Published: 5/18/2021Modified: 5/20/2024

Description

Rancher 2 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher.

Go/github.com/rancher/rancher>= 2.0.0, < 2.0.16
Go/github.com/rancher/rancherfrom 0, < 2.2.5-rc6.0.20190621200032-0ddffe484adc+incompatible

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:H