Closed
Description
What kind of request is this (question/bug/enhancement/feature request): Enhancement
Steps to reproduce (least amount of steps as possible):
- Access the following endpoint on any Rancher instance up to 2.1.4: https://RANCHER:PORT/login?errorMsg=%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6f%77%61%73%70%2e%6f%72%67%2f%69%6e%64%65%78%2e%70%68%70%2f%57%65%62%5f%50%61%72%61%6d%65%74%65%72%5f%54%61%6d%70%65%72%69%6e%67
Result: It will display a link to OWASP Wiki explaining Web Parameter Tampering.
Other details that may be helpful: Tags are effectively filtered.
Environment information
- Rancher version (`rancher/rancher`/`rancher/server` image tag or shown bottom left in the UI): 2.1.4
- Installation option (single install/HA): *
Cluster information
- Cluster type (Hosted/Infrastructure Provider/Custom/Imported):
- Machine type (cloud/VM/metal) and specifications (CPU/memory):
- Kubernetes version (use `kubectl version`):
N/A
- Docker version (use `docker version`): *
N/A
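The behaviour reported above, next to an allow-list alternative, as an added example that is not part of the original issue and is not Rancher's code. The host `rancher.example:8443`, the error codes, the messages and all function names are assumptions made for illustration.

```javascript
// Constructed request URL: host and port are placeholders; the errorMsg value is the one from the report.
const REPORTED_URL =
  "https://rancher.example:8443/login?errorMsg=" +
  "%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6f%77%61%73%70%2e%6f%72%67" +
  "%2f%69%6e%64%65%78%2e%70%68%70" +
  "%2f%57%65%62%5f%50%61%72%61%6d%65%74%65%72%5f%54%61%6d%70%65%72%69%6e%67";

// Hypothetical error codes: the UI's real set of login errors is not shown in the report.
const LOGIN_ERRORS = Object.freeze({
  "invalid-credentials": "Invalid username or password.",
  "session-expired": "Your session has expired. Please log in again.",
});
const GENERIC_ERROR = "Login failed.";

function errorMsgParam(requestUrl) {
  // searchParams.get() percent-decodes the value, or returns null when absent.
  return new URL(requestUrl).searchParams.get("errorMsg");
}

function isKnownCode(code) {
  // hasOwnProperty keeps inherited keys such as "constructor" from matching.
  return Object.prototype.hasOwnProperty.call(LOGIN_ERRORS, code);
}

// Behaviour described in the report: the decoded parameter becomes the
// error text on the login page, whatever the caller put in it.
function reflectedLoginError(requestUrl) {
  return errorMsgParam(requestUrl);
}

// Allow-list variant: the parameter only selects one of the fixed messages,
// so caller-supplied text never reaches the page.
function allowListedLoginError(requestUrl) {
  const code = errorMsgParam(requestUrl);
  if (code === null) return null; // nothing to display
  return isKnownCode(code) ? LOGIN_ERRORS[code] : GENERIC_ERROR;
}

// Log-review helper: true when errorMsg is present but is not a known code.
function isTamperedErrorMsg(requestUrl) {
  const code = errorMsgParam(requestUrl);
  return code !== null && !isKnownCode(code);
}
```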