{"id":"GHSA-53pj-67m4-9w98","summary":"Rancher code injection via fluentd config commands","details":"In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.","aliases":["CVE-2019-12303","GO-2024-2762"],"modified":"2024-06-05T16:43:06.649200Z","published":"2022-05-24T16:47:29Z","database_specific":{"severity":"HIGH","nvd_published_at":"2019-06-06T16:29:00Z","github_reviewed_at":"2024-04-24T21:01:44Z","github_reviewed":true,"cwe_ids":["CWE-74"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12303"},{"type":"WEB","url":"https://forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466"},{"type":"PACKAGE","url":"https://github.com/rancher/rancher"}],"affected":[{"package":{"name":"github.com/rancher/rancher","ecosystem":"Go","purl":"pkg:golang/github.com/rancher/rancher"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.0.0"},{"fixed":"2.2.4"}]}],"database_specific":{"last_known_affected_version_range":"\u003c= 2.2.3","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-53pj-67m4-9w98/GHSA-53pj-67m4-9w98.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}