A vulnerability in the login component of Rancher could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted system.
The vulnerability exists because the errorMsg parameter of the affected software can be tampered with to display arbitrary content. An attacker could exploit this vulnerability by persuading a user to visit phishing sites, which the attacker could use to access sensitive information and gain unauthorized access to the affected software. A successful exploit could be used to conduct further attacks.
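The weak pattern described above, shown beside a hardened one that treats the parameter as a lookup key only. This is an added example, not Rancher's code or its fix: only the errorMsg parameter name comes from the advisory, and the function names, error keys and messages are hypothetical.

```javascript
// Added example (not Rancher's code). Error keys and messages are hypothetical.
const LOGIN_ERRORS = Object.freeze({
  invalid_credentials: 'Invalid username or password.',
  session_expired: 'Your session has expired. Please log in again.',
  provider_unavailable: 'The authentication provider is unavailable.',
});
const GENERIC_ERROR = 'Login failed. Please try again.';

// Weak pattern: whatever text the URL carries is returned for display,
// so anyone who crafts a link controls what the login page says.
function loginBannerUnsafe(search) {
  return new URLSearchParams(search).get('errorMsg');
}

// Hardened pattern: the parameter only selects one of the fixed messages.
// Unknown values (including prototype names such as "constructor") fall
// back to a generic message, so request-supplied text is never displayed.
function loginBannerSafe(search) {
  const params = new URLSearchParams(search);
  if (!params.has('errorMsg')) return null; // no error to show
  const key = params.get('errorMsg');
  return Object.prototype.hasOwnProperty.call(LOGIN_ERRORS, key)
    ? LOGIN_ERRORS[key]
    : GENERIC_ERROR;
}

// Constructed sample query strings (not taken from the advisory).
const SAMPLE_TEXT = 'Service moved, sign in at https://example.invalid';
const SAMPLE_TAMPERED = '?errorMsg=' + encodeURIComponent(SAMPLE_TEXT);
const SAMPLE_KNOWN = '?errorMsg=session_expired';

console.log('unsafe :', loginBannerUnsafe(SAMPLE_TAMPERED));
console.log('safe   :', loginBannerSafe(SAMPLE_TAMPERED));
console.log('known  :', loginBannerSafe(SAMPLE_KNOWN));
```
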
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
Rancher has confirmed the vulnerability and released software updates.
Security Impact Rating: Low