Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-11202

Good to know:

icon

Date: July 30, 2019

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completing deleting them.

Language: Go

Severity Score

Related Resources (8)

https://nvd.nist.gov/vuln/detail/CVE-2019-11202
https://github.com/advisories/GHSA-xh8x-j8h3-m5ph
https://pkg.go.dev/vuln/GO-2024-2784
https://rancher.com/docs/rancher/v2.x/en/security/
https://forums.rancher.com/c/announcements
https://forums.rancher.com/t/rancher-release-v2-2-2-addresses-rancher-cve-2019-11202-and-stability-issues/13977
https://github.com/rancher/rancher
https://www.mend.io/vulnerability-database/CVE-2019-11202

Severity Score

Weakness Type (CWE)

Authentication Issues

CWE-287

Credentials Management

CWE-255

Top Fix

icon

Upgrade Version

Upgrade to version v2.0.14,v2.1.9,v2.2.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us