Rancher API Server Cross-site Scripting Vulnerability

🗓️ 08 Feb 2024 18:46:23Reported by GitHub Advisory DatabaseType

Rancher API Server XSS Vulnerability. Unauthenticated users can execute remote commands by exploiting a reflected XSS attack in the API Server's public endpoint. Fixes include input encoding and URL construction changes.

Reporter	Title	Published	Views	Family All 17
Chainguard	CVE-2023-32192 vulnerabilities	16 Oct 202413:15	–	cgr
Circl	CVE-2023-32192	16 Oct 202416:22	–	circl
CNNVD	Rancher API Server 安全漏洞	16 Oct 202400:00	–	cnnvd
CVE	CVE-2023-32192	16 Oct 202412:23	–	cve
Cvelist	CVE-2023-32192 Rancher API Server Cross-site Scripting Vulnerability	16 Oct 202412:23	–	cvelist
EUVD	EUVD-2024-0567	3 Oct 202520:07	–	euvd
NVD	CVE-2023-32192	16 Oct 202413:15	–	nvd
OSV	CGA-5567-9QCX-HQ6X	29 Jan 202600:42	–	osv
OSV	CGA-66GW-P5J8-8MGC	25 Sep 202405:15	–	osv
OSV	CVE-2023-32192	16 Oct 202413:15	–	osv

Vulners

Node

rancher apiserverRange<0.0.0-20240207153957-4fd7d821d952go

Source	Link
github	www.github.com/rancher/apiserver/security/advisories/GHSA-833m-37f7-jq55
github	www.github.com/rancher/apiserver/commit/4df268e250f625fa323349062636496e0aeff4e4
github	www.github.com/rancher/apiserver/commit/4e102cf0d07b1af3d10d82c3e5a751a869b8a6c7
github	www.github.com/rancher/apiserver/commit/4fd7d821d952510bfe38c9d4a3e2a65157f50525
github	www.github.com/rancher/apiserver/commit/69b3c2b56f3fa5a421889c533dada8cd08783cda
github	www.github.com/rancher/apiserver/commit/97a10a30200cb851afd8ee85ee6b2295c4b6e5ee
github	www.github.com/rancher/apiserver/commit/a3b9e3721c1b558ee63aec9594e37c223a5c8437
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-32192
bugzilla	www.bugzilla.suse.com/show_bug.cgi
github	www.github.com/advisories/GHSA-833m-37f7-jq55

16 Oct 2024 17:25Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.18.3

EPSS0.00347

SSVC

CWE-80