2 matches found
Rancher 2.0.x < 2.0.15 / 2.1.x < 2.1.10 / 2.2.x < 2.2.4 Command Injection
In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable...
CVE-2019-12303
In Rancher 2.x (up to 2.2.3), project owners can inject fluentd configuration to read files or execute arbitrary commands inside the fluentd container due to a flawed fluentd config handling (CVE-2019-12303). The issue is evidenced by multiple sources in the connected documents showing code-injec...