x/vulndb: add reports/GO-2022-0755.yaml for CVE-2019-13209

tatianab · julieqiu · commit cd6fa17a0ddf · 2022-08-15T17:49:03.000Z
Fixes #755 Change-Id: I4f2898da2c0ee8b859a5a2f5d093e079b7988d0b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/421055 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Julie Qiu <julieqiu@google.com>
diff --git a/reports/GO-2022-0755.yaml b/reports/GO-2022-0755.yaml
@@ -0,0 +1,31 @@
+packages:
+  - module: github.com/rancher/rancher
+    package: github.com/rancher/rancher/server
+    symbols:
+      - Start
+    versions:
+      - fixed: 2.2.5-rc6.0.20190621200032-0ddffe484adc+incompatible
+    vulnerable_at: 2.2.5-rc6.0.20190621195844-88e9e38dc862+incompatible
+  - module: github.com/rancher/rancher
+    package: github.com/rancher/rancher/pkg/clusterrouter
+    symbols:
+      - Router.ServeHTTP
+    versions:
+      - fixed: 2.2.5-rc6.0.20190621200032-0ddffe484adc+incompatible
+    vulnerable_at: 2.2.5-rc6.0.20190621195844-88e9e38dc862+incompatible
+description: |
+    Rancher 2 is vulnerable to a Cross-Site Websocket Hijacking
+    attack that allows an exploiter to gain access to clusters managed by
+    Rancher.
+published: 2021-05-18T15:42:40Z
+last_modified: 2022-04-25T20:20:19Z
+cves:
+  - CVE-2019-13209
+ghsas:
+  - GHSA-xhg2-rvm8-w2jh
+credit: Matt Belisle and Alex Stevenson at Workiva
+links:
+    advisory: https://github.com/advisories/GHSA-xhg2-rvm8-w2jh
+    commit: https://github.com/rancher/rancher/commit/0ddffe484adccb9e37d9432e8e625d8ebbfb0088
+    context:
+      - https://forums.rancher.com/t/rancher-release-v2-2-5-addresses-rancher-cve-2019-13209/14801
