CVE-2019-12303
HIGHRancher 2.0.0-2.2.3 - Authenticated Command Injection via Fluentd Configuration
Title source: llmDescription
In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://forums.rancher.com/c/announcements
Release Notes, Vendor Advisory x_refsource_confirm
https://forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466
Scores
CVSS v3
8.8
EPSS
0.0073
EPSS Percentile
72.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (2)
rancher/rancher
2.0.0 - 2.2.4Go
suse/rancher
2.0.0 - 2.2.3
Published
Jun 06, 2019
Tracked Since
Feb 18, 2026