Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XSS script execution vulnerability #31583

Closed
Jono-SUSE-Rancher opened this issue Mar 4, 2021 · 0 comments
Closed

XSS script execution vulnerability #31583

Jono-SUSE-Rancher opened this issue Mar 4, 2021 · 0 comments
Milestone
v2.5.6

Comments

@Jono-SUSE-Rancher
Copy link
Contributor

Jono-SUSE-Rancher commented Mar 4, 2021
edited by deniseschannon

When accessing the Rancher API with a browser, user input in the URL was not properly escaped and was vulnerable to an XSS attack. Specially crafted URLs to these API endpoints could include JavaScript which would be embedded in the page and execute in a browser. There is no direct mitigation. Avoid clicking on untrusted links to your Rancher server.

This has been resolved in Rancher v2.3.11, v2.4.14 and v2.5.6.
@Jono-SUSE-Rancher Jono-SUSE-Rancher added this to the v2.5.6 milestone Mar 4, 2021
@deniseschannon deniseschannon changed the title PH-v2.5.6 XSS script execution vulnerability Mar 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.5.6
Development

No branches or pull requests
2 participants
@deniseschannon @Jono-SUSE-Rancher