Please note that this information is under embargo until the release is official and should not be shared with others.
Dear Rancher Customer,
This is an advance security notice on the following CVE:
CVE-2021-25313 - Rancher - XSS attack on the Rancher API
Am I vulnerable?
You are vulnerable if you are running any Rancher 2 version prior to the patched versions.
How do I mitigate this vulnerability?
We are currently working on a fix for this vulnerability. We expect to make the following Rancher release next week (the week beginning Mon, March 1st), which will include the fix:
Stay tuned. We will update you with a follow-up communication closer to the release.
Simply reply to this email from email@example.com and we will track and respond to you as a regular Support Ticket.
Rancher Support Team