CVE-2022-31247
published 2022-09-07

Priority: P345
Severity: critical
CVSS 3.1: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS: 0.81% (52.4th percentile)

An Improper Authorization vulnerability in SUSE Rancher allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects SUSE Rancher: Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.5.0 < 2.5.16 | 2.5.16 |
| github.com | rancher_rancher | >= 2.6.0 < 2.6.7 | 2.6.7 |
| suse | rancher | >= 2.5.0 < 2.5.16 | 2.5.16 |
| suse | rancher | >= 2.6.0 < 2.6.7 | 2.6.7 |
| suse | rancher | >= Rancher < 2.6.7 | 2.6.7 |
| suse | rancher | >= Rancher < 2.5.16 | 2.5.16 |