What is CVE-2019-13209?

CVE-2019-13209 is a vulnerability in Rancher 2 through 2.2.4 that allows an attacker to gain access to clusters managed by Rancher.

What is the severity of CVE-2019-13209?

CVE-2019-13209 has a severity value of 8.7 (high).

How can an attacker exploit CVE-2019-13209?

An attacker can exploit CVE-2019-13209 by using a Cross-Site Websocket Hijacking attack to gain access to clusters managed by Rancher.

Which versions of Rancher are affected by CVE-2019-13209?

Rancher 2.0.0 through 2.0.16, Rancher 2.1.0 through 2.1.11, and Rancher 2.2.0 through 2.2.4 are affected by CVE-2019-13209.

How do I fix CVE-2019-13209?

To fix CVE-2019-13209, update your Rancher installation to version 2.2.5, 2.1.11, or 2.0.16, depending on the version you are currently using.

Vulnerability/
CVE-2019-13209

high

8.7

CWE

79 352

4/9/2019

18/5/2021

4/8/2024

CVE-2019-13209: XSS

First published: Wed Sep 04 2019(Updated: )

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
SUSE Rancher	>=2.0.0<=2.2.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-13209?
CVE-2019-13209 is a vulnerability in Rancher 2 through 2.2.4 that allows an attacker to gain access to clusters managed by Rancher.
What is the severity of CVE-2019-13209?
CVE-2019-13209 has a severity value of 8.7 (high).
How can an attacker exploit CVE-2019-13209?
An attacker can exploit CVE-2019-13209 by using a Cross-Site Websocket Hijacking attack to gain access to clusters managed by Rancher.
Which versions of Rancher are affected by CVE-2019-13209?
Rancher 2.0.0 through 2.0.16, Rancher 2.1.0 through 2.1.11, and Rancher 2.2.0 through 2.2.4 are affected by CVE-2019-13209.
How do I fix CVE-2019-13209?
To fix CVE-2019-13209, update your Rancher installation to version 2.2.5, 2.1.11, or 2.0.16, depending on the version you are currently using.

collector/github-advisory-latest
alias/GHSA-xhg2-rvm8-w2jh
alias/CVE-2019-13209
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/weakness
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/references
agent/first-publish-date
agent/description
agent/tags
agent/event
agent/trending
package-manager/go
vendor/suse
canonical/suse rancher
version/suse rancher/2.0.0
version/suse rancher/2.2.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.