Bug 1181852 (CVE-2021-25313) - VUL-0: CVE-2021-25313: Rancher: XSS on /v3/cluster/
Summary: VUL-0: CVE-2021-25313: Rancher: XSS on /v3/cluster/
Status: RESOLVED FIXED
Alias: CVE-2021-25313
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P1 - Urgent
Severity: Critical
Target Milestone: ---
Assignee: Johannes Segitz
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv3.1:SUSE:CVE-2021-25313:6.1:(AV:...
Keywords: security, security_vulnerability
Depends on:
Blocks:
 
Reported: 2021-02-05 17:49 UTC by Jonathan Mercier
Modified: 2021-06-01 16:55 UTC
Description Jonathan Mercier 2021-02-05 17:49:04 UTC
This is an official request from the Rancher engineering team for a CVE ID so that we can patch the vulnerability.

We have created the Slack channel to track this: #cve-xss-feb2021

The associated Github issues:
https://github.com/rancherlabs/rancher-security/issues/528
https://github.com/rancherlabs/rancher-security/issues/535
Comment 1 Jonathan Mercier 2021-02-05 17:52:34 UTC
I attempted to assign this ticket to Johannes Segitz as requested (jsegitz@suse.de) but the assignee part comes back and indicates that there is no such contact. My apologies.
Comment 3 Johannes Segitz 2021-02-09 09:11:56 UTC
Waiting to make this public once Rancher gets the update
Comment 5 Johannes Segitz 2021-03-05 08:33:24 UTC
fixed by Rancher