- module: github.com/rancher/rancher
- fixed: 2.2.5-rc6.0.20190621200032-0ddffe484adc+incompatible
vulnerable_at: 2.2.5-rc6.0.20190621195844-88e9e38dc862+incompatible
- package: github.com/rancher/rancher/server
skip_fix: 'TODO: revisit this reason (multiple cannot find module providing
- package: github.com/rancher/rancher/pkg/clusterrouter
skip_fix: 'TODO: revisit this reason (multiple cannot find module providing
Rancher 2 is vulnerable to a Cross-Site Websocket Hijacking
attack that allows an exploiter to gain access to clusters managed by
published: 2021-05-18T15:42:40Z
credit: Matt Belisle and Alex Stevenson at Workiva
- advisory: https://github.com/advisories/GHSA-xhg2-rvm8-w2jh
- fix: https://github.com/rancher/rancher/commit/0ddffe484adccb9e37d9432e8e625d8ebbfb0088
- web: https://forums.rancher.com/t/rancher-release-v2-2-5-addresses-rancher-cve-2019-13209/14801