x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-h4h5-9833-v2p4

[GoVulnBot]

Advisory GHSA-h4h5-9833-v2p4 references a vulnerability in the following Go modules:

Module
github.com/rancher/rancher

Description:

Impact

A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL.

SUSE is unaware of any successful exploitation of this vulnerability, which has a high complexity bar.

Please consult the associated MITRE ATT&CK - Technique - Adversary-in-the-Middle for fu...

References:

• ADVISORY: GHSA-h4h5-9833-v2p4
• ADVISORY: GHSA-h4h5-9833-v2p4
• WEB: https://github.com/rancherlabs/support-tools/tree/master/windows-agent-strict-verify
• WEB: https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/installation-references/tls-settings

Cross references:

• github.com/rancher/rancher appears in 37 other report(s):
  • data/excluded/GO-2022-0439.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-wm2r-rp98-8pmh #439) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-0464.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-21951 #464) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-0551.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-4fc7-hc63-7fjg #551) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-0605.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-hx8w-ghh8-r4xf #605) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-0610.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-jwvr-vv7p-gpwq, CVE-2021-36784 #610) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-0973.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36782 #973) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-0974.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36783 #974) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-0975.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-31247 #975) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1511.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-34p5-jp77-fcrc #1511) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1513.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-7m72-mh5r-6j3r #1513) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1514.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-8c69-r38j-rpfj #1514) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1516.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-c45c-39f6-6gw9 #1516) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1517.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-cq4p-vp5q-4522 #1517) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1518.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-g25r-gvq3-wrq7 #1518) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1736.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6m9f-pj6w-w87g #1736) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1814.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-43760 #1814) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1815.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22647 #1815) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1816.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22648 #1816) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1825.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-8vhc-hwhc-cpj4 #1825) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1905.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6m8r-jh89-rq7h #1905) EFFECTIVELY_PRIVATE
  • data/reports/GO-2022-0644.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-9qq2-xhmc-h9qr #644)
  • data/reports/GO-2022-0755.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher/server: GHSA-xhg2-rvm8-w2jh #755)
  • data/reports/GO-2023-1973.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-w3x4-9854-95x8 #1973)
  • data/reports/GO-2023-1991.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-gc62-j469-9gjm #1991)
  • data/reports/GO-2024-2535.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-c85r-fwc7-45vc #2535)
  • data/reports/GO-2024-2537.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-xfj7-qf8w-2gcr #2537)
  • data/reports/GO-2024-2760.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-28g7-896h-695v #2760)
  • data/reports/GO-2024-2761.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-2p4g-jrmx-r34m #2761)
  • data/reports/GO-2024-2762.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-53pj-67m4-9w98 #2762)
  • data/reports/GO-2024-2764.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6r7x-4q7g-h83j #2764)
  • data/reports/GO-2024-2768.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-f9xf-jq4j-vqw4 #2768)
  • data/reports/GO-2024-2771.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-gvh9-xgrq-r8hw #2771)
  • data/reports/GO-2024-2778.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-pvxj-25m6-7vqr #2778)
  • data/reports/GO-2024-2784.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-xh8x-j8h3-m5ph #2784)
  • data/reports/GO-2024-2929.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-64jq-m7rq-768h #2929)
  • data/reports/GO-2024-2931.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-9ghh-mmcq-8phc #2931)
  • data/reports/GO-2024-2932.yaml (x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-q6c7-56cq-g2wm #2932)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/rancher/rancher
      non_go_versions:
        - introduced: 2.7.0
        - fixed: 2.7.15
        - introduced: 2.8.0
        - fixed: 2.8.8
        - introduced: 2.9.0
        - fixed: 2.9.2
      vulnerable_at: 1.6.30
summary: Rancher agents can be hijacked by taking over the Rancher Server URL in github.com/rancher/rancher
cves:
    - CVE-2024-22030
ghsas:
    - GHSA-h4h5-9833-v2p4
references:
    - advisory: https://github.com/advisories/GHSA-h4h5-9833-v2p4
    - advisory: https://github.com/rancher/rancher/security/advisories/GHSA-h4h5-9833-v2p4
    - web: https://github.com/rancherlabs/support-tools/tree/master/windows-agent-strict-verify
    - web: https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/installation-references/tls-settings
source:
    id: GHSA-h4h5-9833-v2p4
    created: 2024-09-26T22:01:31.300644642Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/619135 mentions this issue: data/reports: add 15 reports