x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-2p4g-jrmx-r34m #2761

GoVulnBot · 2024-04-24T22:01:27Z

In GitHub Security Advisory GHSA-2p4g-jrmx-r34m, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/rancher/rancher		<= 2.1.4

Cross references:

Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-wm2r-rp98-8pmh #439 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-21951 #464 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-4fc7-hc63-7fjg #551 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-hx8w-ghh8-r4xf #605 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-jwvr-vv7p-gpwq, CVE-2021-36784 #610 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-9qq2-xhmc-h9qr #644 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36782 #973 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36783 #974 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-31247 #975 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-34p5-jp77-fcrc #1511 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-7m72-mh5r-6j3r #1513 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-8c69-r38j-rpfj #1514 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-c45c-39f6-6gw9 #1516 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-cq4p-vp5q-4522 #1517 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-g25r-gvq3-wrq7 #1518 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6m9f-pj6w-w87g #1736 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-43760 #1814 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22647 #1815 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22648 #1816 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-8vhc-hwhc-cpj4 #1825 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6m8r-jh89-rq7h #1905 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-w3x4-9854-95x8 #1973 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-gc62-j469-9gjm #1991 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-c85r-fwc7-45vc #2535 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-xfj7-qf8w-2gcr #2537 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher/server: GHSA-xhg2-rvm8-w2jh #755

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/rancher/rancher
      versions:
        - {}
      vulnerable_at: 1.6.30
      packages:
        - package: github.com/rancher/rancher
summary: Rancher Login Parameter Can Be Edited in github.com/rancher/rancher
cves:
    - CVE-2019-11881
ghsas:
    - GHSA-2p4g-jrmx-r34m
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2019-11881
    - report: https://github.com/rancher/rancher/issues/20216
    - web: https://github.com/MauroEldritch/VanCleef
    - advisory: https://github.com/advisories/GHSA-2p4g-jrmx-r34m
source:
    id: GHSA-2p4g-jrmx-r34m

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-06-04T20:43:04Z

Change https://go.dev/cl/590278 mentions this issue: data/reports: add 48 unreviewed reports

tatianab assigned maceonthompson May 10, 2024

tatianab added the triaged label May 23, 2024

gopherbot closed this as completed in 8ed6db9 Jun 5, 2024

GoVulnBot mentioned this issue Sep 26, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-h4h5-9833-v2p4 #3161

Closed

GoVulnBot mentioned this issue Oct 15, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22644 #3201

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-2p4g-jrmx-r34m #2761

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-2p4g-jrmx-r34m #2761

GoVulnBot commented Apr 24, 2024

gopherbot commented Jun 4, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-2p4g-jrmx-r34m #2761

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-2p4g-jrmx-r34m #2761

Comments

GoVulnBot commented Apr 24, 2024

gopherbot commented Jun 4, 2024