CVE-2019-12303

Опубликовано: 06 июн. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.

Ссылки

https://forums.rancher.com/c/announcements
Release Notes
Vendor Advisory
https://forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466
Release Notes
Vendor Advisory
https://forums.rancher.com/c/announcements
Release Notes
Vendor Advisory
https://forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.2.3 (включая)

EPSS

Процентиль: 72%

0.00732

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-53pj-67m4-9w98