Bugzilla – Bug 1181852
VUL-0: CVE-2021-25313: Rancher: XSS on /v3/cluster/
Last modified: 2021-06-01 16:55:27 UTC
This is an official request from the Rancher engineering team for a CVE ID so that we can patch the vulnerability. We have created the Slack channel to track this: #cve-xss-feb2021
The associated GitHub issues:
https://github.com/rancherlabs/rancher-security/issues/528
https://github.com/rancherlabs/rancher-security/issues/535
I attempted to assign this ticket to Johannes Segitz as requested (jsegitz@suse.de) but the assignee part comes back and indicates that there is no such contact. My apologies.
https://github.com/rancherlabs/rancher-security/issues/528
https://github.com/rancherlabs/rancher-security/issues/535
Please use CVE-2021-25313 for this
Waiting to make this public once Rancher gets the update
Public:
https://github.com/rancher/rancher/issues/31583
https://github.com/rancher/rancher/releases/tag/v2.5.6
fixed by Rancher