A vulnerability has been identified in Rancher's Extensions where malicious code can be injected into Rancher through a path traversal in the compressedEndpoint field of a UIPlugin deployment. Because that field is used to build a filesystem path without being constrained to the extension directory, a malicious UI extension could abuse it to:
* Overwrite Rancher binaries or configuration to inject code.
* Write to /var/lib/rancher/ to tamper with cluster state.
* If hostPath volumes are mounted, write to the host node filesystem.
* Chain this issue with other attack vectors.
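The pattern behind this class of bug, as an added illustration (this is not Rancher's own code, and the directory name, field handling and function names are assumptions): the attacker-controlled compressedEndpoint string is joined onto the extension directory and the cleaned result is used as-is, so a value containing ".." components lands outside that directory. The hardened form resolves the candidate path and rejects anything that is not strictly inside the extension directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a compressedEndpoint value would resolve to a
// location outside the extension directory.
var ErrTraversal = errors.New("compressedEndpoint escapes the extension directory")

// naiveJoin reproduces the weak pattern the advisory describes: the
// attacker-controlled compressedEndpoint field is joined onto the extension
// directory with no check on where the cleaned result lands. Illustration of
// the bug class only, not Rancher's actual code.
func naiveJoin(extDir, compressedEndpoint string) string {
	return filepath.Join(extDir, compressedEndpoint)
}

// safeJoin is the hardened form. It joins and cleans the path, then requires
// the result to be strictly inside extDir by checking that the path relative
// to extDir does not start with "..". Empty and absolute values are rejected
// outright. On a real filesystem, apply filepath.EvalSymlinks to the result as
// well so a symlink planted inside extDir cannot redirect the write.
func safeJoin(extDir, compressedEndpoint string) (string, error) {
	if compressedEndpoint == "" || filepath.IsAbs(compressedEndpoint) {
		return "", ErrTraversal
	}
	cleanDir := filepath.Clean(extDir)
	candidate := filepath.Join(cleanDir, compressedEndpoint)
	rel, err := filepath.Rel(cleanDir, candidate)
	if err != nil {
		return "", ErrTraversal
	}
	// rel == "." means the value resolved to extDir itself (e.g. "foo/.."),
	// which is not a file inside the directory either.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return candidate, nil
}

func main() {
	// Assumed extension directory and constructed sample values: a benign
	// endpoint and a traversal payload aimed at the cluster state directory.
	const extDir = "/home/rancher/uiplugins"
	for _, ep := range []string{"my-ext/1.0.0/plugin.tar.gz", "../../../var/lib/rancher/state.db"} {
		fmt.Printf("naive: %s\n", naiveJoin(extDir, ep))
		if p, err := safeJoin(extDir, ep); err != nil {
			fmt.Printf("safe:  rejected %q: %v\n", ep, err)
		} else {
			fmt.Printf("safe:  %s\n", p)
		}
	}
}
```

Checking the relative path rather than a string prefix on the joined result is deliberate: a prefix check on "/home/rancher/uiplugins" would wrongly accept "/home/rancher/uiplugins-evil/x", while filepath.Rel reports that as "../uiplugins-evil/x" and it is rejected.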
CVSS v3.1 base score: 8.4 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Exploitability
* Attack Vector (AV): Network (N)
* Attack Complexity (AC): Low (L)
* Privileges Required (PR): High (H)
* User Interaction (UI): Required (R)

Scope
* Scope (S): Changed (C)

Impact
* Confidentiality (C): High (H)
* Integrity (I): High (H)
* Availability (A): High (H)

Other