Cross-site Websocket Hijacking (CSWSH)

github.com/rancher/rancher is vulnerable to cross-site websocket hijacking CSWSH. It does not check the Origin header in the clients handshake request for trusted origin, allowing an attacker to send an authenticated request to Rancher Server using a Rancher with the privilege of a victim...

Rancher Server Security Bypass Vulnerability

Rancher Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rancher:rancher";...

Rancher Detection

Detection of Rancher Server. The script sends a connection request to the server and attempts to detect Rancher and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Rancher Server - Docker Daemon Code Execution Exploit

Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to...

Rancher Server - Docker Daemon Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rancher Server - Docker Exploit', 'Description' = %q Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounte...

Rancher Server Docker Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rancher Server - Docker Exploit', 'Description' = %q Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounte...

Rancher Server - Docker Exploit

Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to...

Rancher Server Security Bypass Vulnerability

Rancher Server is an open source platform for Docker that integrates native Docker management features such as Docker Machine and Docker Swarm. A security vulnerability exists in Rancher Server version 1.2.0+. An attacker can exploit the vulnerability to disable access control with the help of AP...

PT-2017-17643 · Rancher · Rancher Server

Name of the Vulnerable Software and Affected Versions: Rancher Labs rancher server versions 1.2.0 through 1.2.3 Rancher Labs rancher server versions 1.3.0 through 1.3.4 Rancher Labs rancher server versions 1.4.0 through 1.4.2 Rancher Labs rancher server versions 1.5.0 through 1.5.2 Description: T...