CVE-2019-12303: Command Injection

June 6, 2019 (updated June 10, 2019)

In Rancher, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.

References

forums.rancher.com/c/announcements
forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466
nvd.nist.gov/vuln/detail/CVE-2019-12303

Code Behaviors & Features

Detect and mitigate CVE-2019-12303 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →