Veracode Vulnerability DatabaseVERACODE:39025Command Injection
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
5.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:M/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
28.4%
github.com/rancher/rancher is vulnerable to Command Injection. The vulnerability exists because git.go doesn’t properly validate user input, allowing an attacker to inject and execute maliciously crafted commands through the rancher host.
References
bugzilla.suse.com/show_bug.cgi?id=1205294
github.com/advisories/GHSA-34p5-jp77-fcrc
github.com/rancher/rancher/commit/6ad4bba7984c86f40b02613d6c587d6a63d3e99d
github.com/rancher/rancher/commit/a230f24f869ddce133d5e36452f9fd5b5c4cc254
github.com/rancher/rancher/commit/af02fbac8702bd8e1cb70addba7783161865c7a4
github.com/rancher/rancher/pull/40242
github.com/rancher/rancher/pull/40243
github.com/rancher/rancher/pull/40244
Related
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
5.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:M/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
28.4%