CVE-2023-32196
Published 2024-10-16
Priority: P3 (35) · Severity: medium · CVSS 3.1 base score: 6.6
CVSS 3.1 vector: AV:N / AC:H / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.49% (38.6th percentile)
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for `RoleTemplate` objects when `external=true`, which in specific scenarios can lead to privilege escalation.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.7.0 < 2.7.14 | 2.7.14 |
| github.com | rancher_rancher | >= 2.7.0 < 2.8.9 | 2.8.9 |
| github.com | rancher_rancher | >= 2.8.0 < 2.8.5 | 2.8.5 |
| github.com | rancher_rancher | >= 2.9.0 < 2.9.3 | 2.9.3 |
| suse | rancher | >= 2.7.0 < 2.7.14 | 2.7.14 |
| suse | rancher | >= 2.8.0 < 2.8.5 | 2.8.5 |
CVSS provenance
NVD · CVSS v3.1 · 6.6 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD · CVSS v4.0 · 7.5 HIGH · CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
OSV · 2024-10-28
CVE-2023-32196 Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rancher.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher from v2.7.0 before v2.8.9, from v2.9.0 before v2.9.3.
OSV · 2024-10-25
CVE-2023-32196 [CRITICAL] Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists
This entry describes a distinct weakness (weak file ACLs on Windows agent nodes) from the `RoleTemplate` rule-resolver issue the other entries on this page cover.
### Impact
A vulnerability has been identified whereby Rancher Manager deployments containing Windows nodes have weak Access Control Lists (ACL), allowing `BUILTIN\Users` or `NT AUTHORITY\Authenticated Users` to view or edit sensitive files which could lead to privilege escalation.
The affected files include binaries, scripts, configuration and log files:
```
C:\etc\rancher\wins\config
C:\var\lib\rancher\agent\rancher2_connection_info.json
C:\etc\rancher\rke2\config.yaml.d\50-rancher.yaml
C:\var\lib\rancher\agent\applied\*-*-applied.plan
C:\usr\local\bin\rke2
C:\var\lib\rancher\capr\idempotence\idempotent.sh
```
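A check a practitioner would run against the files listed above (and the RKE2 additions that follow): this added Go example, which is not Rancher's code and not the advisory's remediation, parses the text `icacls <path>` prints and flags allow ACEs that give `BUILTIN\Users`, `NT AUTHORITY\Authenticated Users` or `Everyone` (the last is added here as an assumption; the advisory names only the first two) read or write access. The `icacls` output below is constructed to match the format the tool prints, not captured from a real node.

```go
package main

import (
	"fmt"
	"strings"
)

// ACE is one access control entry as printed by `icacls <path>`.
type ACE struct {
	Principal string
	Rights    []string // icacls right codes, e.g. F, M, RX, W, WD
	Inherited bool     // (I): inherited from the parent directory, so the fix belongs there
	Deny      bool     // (DENY) entries never widen access
}

// Finding records a broad principal that can read or write one of the audited files.
type Finding struct {
	Path, Principal, Access string // Access is "write" or "read"
}

// Principals the advisory names, plus Everyone (assumption: at least as broad as Users).
var broadPrincipals = map[string]bool{
	`BUILTIN\Users`:                    true,
	`NT AUTHORITY\Authenticated Users`: true,
	`Everyone`:                         true,
}

// icacls right codes that allow modifying a file (simple rights F/M/W plus the specific write-class rights).
var writeRights = map[string]bool{"F": true, "M": true, "W": true, "D": true, "WD": true, "AD": true, "WA": true, "WEA": true, "DC": true, "WDAC": true, "WO": true, "GA": true, "GW": true}

// icacls right codes that allow reading file contents.
var readRights = map[string]bool{"F": true, "M": true, "RX": true, "R": true, "RD": true, "RA": true, "REA": true, "GR": true, "GE": true}

// parseIcacls turns `icacls path` output into ACEs. The first line starts with the path,
// continuation lines are indented, and the trailing summary line carries no ":(".
func parseIcacls(path, out string) []ACE {
	var aces []ACE
	for _, line := range strings.Split(out, "\n") {
		line = strings.TrimSpace(strings.TrimPrefix(strings.TrimSpace(line), path))
		i := strings.Index(line, ":(")
		if i < 0 {
			continue
		}
		ace := ACE{Principal: line[:i]}
		for _, tok := range strings.Split(strings.Trim(line[i+1:], "()"), ")(") {
			switch tok {
			case "I":
				ace.Inherited = true
			case "OI", "CI", "IO", "NP":
				// inheritance flags, not rights
			case "DENY":
				ace.Deny = true
			default:
				ace.Rights = append(ace.Rights, strings.Split(tok, ",")...)
			}
		}
		aces = append(aces, ace)
	}
	return aces
}

// auditIcacls reports every allow ACE that hands a broad principal read or write access to path.
func auditIcacls(path, out string) []Finding {
	var findings []Finding
	for _, ace := range parseIcacls(path, out) {
		if ace.Deny || !broadPrincipals[ace.Principal] {
			continue
		}
		access := ""
		for _, r := range ace.Rights {
			if writeRights[r] {
				access = "write"
				break
			}
			if readRights[r] {
				access = "read"
			}
		}
		if access != "" {
			findings = append(findings, Finding{path, ace.Principal, access})
		}
	}
	return findings
}

// Constructed sample output in the format icacls prints; not captured from a real node.
const winsConfigPath = `C:\etc\rancher\wins\config`
const weakOutput = `C:\etc\rancher\wins\config BUILTIN\Users:(I)(F)
                           NT AUTHORITY\SYSTEM:(I)(F)
                           BUILTIN\Administrators:(I)(F)
Successfully processed 1 files; Failed processing 0 files
`
const hardenedOutput = `C:\etc\rancher\wins\config NT AUTHORITY\SYSTEM:(F)
                           BUILTIN\Administrators:(F)
Successfully processed 1 files; Failed processing 0 files
`

func main() {
	for _, out := range []string{weakOutput, hardenedOutput} {
		fmt.Printf("%+v\n", auditIcacls(winsConfigPath, out))
	}
}
```

On a node you would feed the real `icacls` output for each path in the list to `auditIcacls`. An inherited finding (`(I)`) means the directory above is what grants the access, so tightening the file alone will not hold across the next inheritance propagation.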
RKE2 nodes expand the list to include the files below (the entry is cut off on this page after the first path):
```
C:\etc\rancher\node\passw
```
OSV · 2024-06-28
CVE-2023-32196 Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher from v2.7.0 before v2.7.14, from v2.8.0 before v2.8.5.
GHSA · 2024-06-17 · HIGH · CWE-269
CVE-2023-32196 Rancher's External RoleTemplates can lead to privilege escalation
### Impact
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for `RoleTemplate` objects when `external=true`, which in specific scenarios can lead to privilege escalation.
The bug is in the webhook rule resolver: for an external `RoleTemplate` whose context is `project` or is left empty, it ignores the rules of the backing `ClusterRole`, so the escalation check runs against an incomplete (typically empty) rule set. The fix introduces a new field in the `RoleTemplate` CRD named `ExternalRules`, which is used to resolve rules directly from the `RoleTemplate`. The rules of the backing `ClusterRole` are used if `ExternalRules` is not provided. The new field always takes precedence when it is set, and serves as the source of truth for
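To make the resolver bug concrete, the following Go program is an added example, not Rancher's code and not the patched webhook: it models a `RoleTemplate`, its backing `ClusterRole` and the escalation check with hypothetical stand-in types (`Rule`, `ClusterRole`, `RoleTemplate`, not the real CRD types), then runs the same check through a resolver that behaves as the advisory describes the pre-fix code and through one that follows the fix. The scenario (an actor who can only read pods binding an external, project-context template whose ClusterRole grants full control of secrets) is constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Hypothetical stand-ins for the Kubernetes/Rancher objects involved; not the real CRD types.
type Rule struct {
	Verbs     []string
	Resources []string
}

type ClusterRole struct {
	Name  string
	Rules []Rule
}

type RoleTemplate struct {
	Name          string
	External      bool   // external=true: the rules live in a same-named ClusterRole
	Context       string // "cluster", "project" or ""
	Rules         []Rule
	ExternalRules []Rule // field introduced by the fix
}

// resolveVulnerable mirrors the pre-fix behaviour the advisory describes: for an external
// RoleTemplate the backing ClusterRole is consulted only in cluster context; for project or
// empty context the resolver falls back to the RoleTemplate's own (usually empty) rules.
func resolveVulnerable(rt RoleTemplate, backing map[string]ClusterRole) []Rule {
	if rt.External && rt.Context == "cluster" {
		return backing[rt.Name].Rules
	}
	return rt.Rules
}

// resolveFixed follows the fix: ExternalRules is the source of truth when set; otherwise the
// backing ClusterRole is used regardless of context.
func resolveFixed(rt RoleTemplate, backing map[string]ClusterRole) []Rule {
	if !rt.External {
		return rt.Rules
	}
	if len(rt.ExternalRules) > 0 {
		return rt.ExternalRules
	}
	return backing[rt.Name].Rules
}

// pairs flattens rules into "verb resource" entries so coverage can be checked pairwise.
func pairs(rules []Rule) map[string]bool {
	m := map[string]bool{}
	for _, r := range rules {
		for _, v := range r.Verbs {
			for _, res := range r.Resources {
				m[v+" "+res] = true
			}
		}
	}
	return m
}

// uncovered lists the (verb, resource) pairs in wanted that have does not grant, honouring "*" wildcards.
func uncovered(have, wanted []Rule) []string {
	h := pairs(have)
	var missing []string
	for p := range pairs(wanted) {
		vr := strings.SplitN(p, " ", 2)
		if !(h[vr[0]+" "+vr[1]] || h["* "+vr[1]] || h[vr[0]+" *"] || h["* *"]) {
			missing = append(missing, p)
		}
	}
	sort.Strings(missing)
	return missing
}

// escalationCheck is the privilege-escalation guard: an actor may bind a RoleTemplate only if
// every rule it resolves to is already held by the actor. Which resolver feeds it decides the outcome.
func escalationCheck(resolve func(RoleTemplate, map[string]ClusterRole) []Rule, actor []Rule, rt RoleTemplate, backing map[string]ClusterRole) error {
	if missing := uncovered(actor, resolve(rt, backing)); len(missing) > 0 {
		return fmt.Errorf("binding %q would grant rules the actor lacks: %s", rt.Name, strings.Join(missing, "; "))
	}
	return nil
}

// sampleScenario is constructed input: an actor who can only read pods tries to bind an external,
// project-context RoleTemplate whose backing ClusterRole grants full control of secrets.
func sampleScenario() (actor []Rule, rt RoleTemplate, backing map[string]ClusterRole) {
	actor = []Rule{{Verbs: []string{"get", "list"}, Resources: []string{"pods"}}}
	backing = map[string]ClusterRole{
		"secrets-admin": {Name: "secrets-admin", Rules: []Rule{{Verbs: []string{"*"}, Resources: []string{"secrets"}}}},
	}
	rt = RoleTemplate{Name: "secrets-admin", External: true, Context: "project"}
	return actor, rt, backing
}

func main() {
	actor, rt, backing := sampleScenario()
	fmt.Println("pre-fix resolver:", escalationCheck(resolveVulnerable, actor, rt, backing)) // <nil>: binding allowed
	fmt.Println("fixed resolver:  ", escalationCheck(resolveFixed, actor, rt, backing))      // error: binding rejected
}
```

The point the check makes is that the guard itself is sound; it is starved of input. With the pre-fix resolver an external project-context template resolves to zero rules, so "the actor holds every rule" is vacuously true and the binding goes through. With the fixed resolver the ClusterRole's `* secrets` rule is visible and the actor, who holds only `get`/`list` on pods, is refused.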
OSV · 2024-06-17 · HIGH
CVE-2023-32196 Rancher's External RoleTemplates can lead to privilege escalation
Impact text identical to the GHSA advisory above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.