CVE-2019-13209 in Rancher and Suse Products
Published on September 4, 2019

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim.

NVD
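The attack described above works because a logged-in victim's browser will open a WebSocket to the Rancher server from a third-party page and send the session cookie along with it. The following Go code is an added example, not Rancher's code or its actual fix (which this page does not describe): it shows the standard server-side defense for this vulnerability class, an exact-match check of the Origin header on the upgrade request. The host rancher.example.com, the /ws path and all function names are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Constructed allow-list; rancher.example.com is a placeholder host.
var allowedOrigins = map[string]bool{"https://rancher.example.com": true}

// originAllowed reports whether a request may proceed. Browsers send the session
// cookie on cross-site WebSocket handshakes, so the Origin header must be checked.
func originAllowed(r *http.Request) bool {
	if !strings.EqualFold(r.Header.Get("Upgrade"), "websocket") {
		return true // not a WebSocket handshake; out of scope for this check
	}
	u, err := url.Parse(r.Header.Get("Origin"))
	if err != nil || u.Host == "" {
		return false // missing or malformed Origin on an upgrade: reject
	}
	// Exact scheme://host[:port] match; prefix matching would accept look-alike hosts.
	return allowedOrigins[strings.ToLower(u.Scheme+"://"+u.Host)]
}

// guard rejects disallowed upgrades with 403 before the wrapped handler runs.
func guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !originAllowed(r) {
			http.Error(w, "origin not allowed", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// upgradeFrom builds a constructed handshake request carrying the given Origin.
func upgradeFrom(origin string) *http.Request {
	r, _ := http.NewRequest("GET", "https://rancher.example.com/ws", nil)
	r.Header.Set("Upgrade", "websocket")
	r.Header.Set("Origin", origin)
	return r
}

func main() {
	for _, o := range []string{"https://rancher.example.com", "https://third-party.example", ""} {
		fmt.Printf("%q allowed=%v\n", o, originAllowed(upgradeFrom(o)))
	}
}
```

Rejecting an empty Origin is a choice made for this example; a server that also accepts non-browser clients authenticated by bearer token would need a separate path for them.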


Products Associated with CVE-2019-13209

Rancher, Suse Rancher

Exploit Probability

EPSS: 0.24%
Percentile: 46.20%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.