Skip to content

x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6r7x-4q7g-h83j #2764

New issue
New issue
Closed
Closed
x/vulndb: potential Go vuln in github.com/rancher/rancher: GHSA-6r7x-4q7g-h83j#2764
Assignees
maceonthompson
Labels
triaged
@GoVulnBot

Description

@GoVulnBot
GoVulnBot
opened on Apr 24, 2024

In GitHub Security Advisory GHSA-6r7x-4q7g-h83j, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/rancher/rancher 2.1.6 >= 2.0.0, <= 2.1.5

Cross references:

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/rancher/rancher
      versions:
        - introduced: TODO (earliest fixed "2.1.6", vuln range ">= 2.0.0, <= 2.1.5")
      packages:
        - package: github.com/rancher/rancher
summary: |-
    Rancher Project Members Have Continued Access to Namespaces After Being Removed
    From Them in github.com/rancher/rancher
cves:
    - CVE-2019-6287
ghsas:
    - GHSA-6r7x-4q7g-h83j
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2019-6287
    - report: https://github.com/rancher/rancher/issues/17244
    - report: https://github.com/rancher/rancher/issues/17724
    - web: https://forums.rancher.com/t/rancher-release-v2-1-6/13148
    - web: https://forums.rancher.com/t/rancher-security-announcement-cve-2018-20321-and-cve-2019-6287/13149
    - web: https://rancher.com/blog/2019/2019-01-29-explaining-security-vulnerabilities-addressed-in-rancher-v2-1-6-and-v2-0-11
    - advisory: https://github.com/advisories/GHSA-6r7x-4q7g-h83j
source:
    id: GHSA-6r7x-4q7g-h83j

Metadata

Metadata

Assignees

Labels

triaged

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions