Vulnerabilities > CVE-2019-11881 - Unspecified vulnerability in Suse Rancher 2.1.4

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
suse
nessus

Summary

A vulnerability exists in Rancher 2.1.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.

Vulnerable Configurations

Part Description Count
Application
Suse
1

Nessus

NASL familyMisc.
NASL idRANCHER_2_1_4.NASL
descriptionThe version of a Docker container of Rancher is < 2.2.4 and, thus, is affected by web parameter tampering vulnerability. A vulnerability exists in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There
last seen2020-06-01
modified2020-06-02
plugin id125879
published2019-06-14
reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/125879
titleRancher < 2.2.4 Web Parameter Tampering Vulnerability
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(125879);
  script_version("1.2");
  script_cvs_date("Date: 2019/10/18 23:14:15");

  script_cve_id("CVE-2019-11881");

  script_name(english:"Rancher < 2.2.4 Web Parameter Tampering Vulnerability");
  script_summary(english:"Checks version of Rancher.");

  script_set_attribute(attribute:"synopsis", value:
"A Docker container of Rancher installed on the remote host is
missing a security patch.");
  script_set_attribute(attribute:"description", value:
"The version of a Docker container of Rancher is < 2.2.4 and, thus, is affected by web parameter tampering vulnerability.
A vulnerability exists in the login component, where the errorMsg parameter can be tampered to display arbitrary 
content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing 
malicious users to lure legitimate users to visit phishing sites with scare tactics, e.g., displaying a 'This version 
of Rancher is outdated, please visit https://malicious.rancher.site/upgrading)' message.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  # https://github.com/rancher/rancher/issues/20216
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7c2e216");
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 2.2.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11881");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/14");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:rancher_labs:rancher");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("rancher_local_detection.nbin", "rancher_web_ui_detect.nbin");
  script_require_keys("installed_sw/Rancher", "Settings/ParanoidReport");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

app = 'Rancher';

get_install_count(app_name:app, exit_if_zero:TRUE);
app_info = vcf::combined_get_app_info(app:app);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

constraints = [
  {'fixed_version' : '2.2.4'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);