CVE-2019-13209

2019-09-04T14:15:00
ID CVE-2019-13209
Type cve
Reporter cve@mitre.org
Modified 2019-09-06T13:24:00

Description

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim.