x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-pvxj-25m6-7vqr #2778

GoVulnBot · 2024-04-24T23:01:36Z

In GitHub Security Advisory GHSA-pvxj-25m6-7vqr, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/rancher/rancher	2.5.9	>= 2.5.0, < 2.5.9

Cross references:

Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-wm2r-rp98-8pmh #439 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-21951 #464 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-4fc7-hc63-7fjg #551 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-hx8w-ghh8-r4xf #605 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-jwvr-vv7p-gpwq, CVE-2021-36784 #610 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-9qq2-xhmc-h9qr #644 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36782 #973 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2021-36783 #974 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-31247 #975 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-34p5-jp77-fcrc #1511 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-7m72-mh5r-6j3r #1513 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-8c69-r38j-rpfj #1514 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-c45c-39f6-6gw9 #1516 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-cq4p-vp5q-4522 #1517 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-g25r-gvq3-wrq7 #1518 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6m9f-pj6w-w87g #1736 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2022-43760 #1814 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22647 #1815 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22648 #1816 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-8vhc-hwhc-cpj4 #1825 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6m8r-jh89-rq7h #1905 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-w3x4-9854-95x8 #1973 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-gc62-j469-9gjm #1991 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-c85r-fwc7-45vc #2535 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-xfj7-qf8w-2gcr #2537 EFFECTIVELY_PRIVATE
Module github.com/rancher/rancher appears in issue x/vulndb: potential Go vuln in github.com/rancher/rancher/server: GHSA-xhg2-rvm8-w2jh #755

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/rancher/rancher
      versions:
        - introduced: 2.5.0
          fixed: 2.5.9
      packages:
        - package: github.com/rancher/rancher
    - module: github.com/rancher/rancher
      versions:
        - introduced: 2.0.0
          fixed: 2.4.16
      packages:
        - package: github.com/rancher/rancher
summary: Rancher Privilege escalation vulnerability via malicious "Connection" header in github.com/rancher/rancher
cves:
    - CVE-2021-31999
ghsas:
    - GHSA-pvxj-25m6-7vqr
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2021-31999
    - web: https://bugzilla.suse.com/show_bug.cgi?id=1187084
    - advisory: https://github.com/advisories/GHSA-pvxj-25m6-7vqr
source:
    id: GHSA-pvxj-25m6-7vqr

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-04-30T15:57:55Z

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

gopherbot · 2024-06-07T15:44:25Z

Change https://go.dev/cl/591202 mentions this issue: data/reports: add 9 unreviewed reports

tatianab assigned maceonthompson May 10, 2024

tatianab added the triaged label May 23, 2024

gopherbot closed this as completed in 4dfc374 Jun 10, 2024

GoVulnBot mentioned this issue Sep 26, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-h4h5-9833-v2p4 #3161

Closed

GoVulnBot mentioned this issue Oct 15, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: CVE-2023-22644 #3201

Closed

This was referenced Oct 25, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-h99m-6755-rgwc #3221

Closed

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-xj7w-r753-vj8v #3223

Closed

GoVulnBot mentioned this issue Nov 21, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-9c5p-35gj-jqp4 #3280

Closed

GoVulnBot mentioned this issue Jan 14, 2025

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-2v2w-8v8c-wcm9 #3391

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-pvxj-25m6-7vqr #2778

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-pvxj-25m6-7vqr #2778

GoVulnBot commented Apr 24, 2024

gopherbot commented Apr 30, 2024

gopherbot commented Jun 7, 2024

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-pvxj-25m6-7vqr #2778

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-pvxj-25m6-7vqr #2778

Comments

GoVulnBot commented Apr 24, 2024

gopherbot commented Apr 30, 2024

gopherbot commented Jun 7, 2024