CVE-2023-32196 — Improper Privilege Management in Rancher

CWE-269 — Improper Privilege Management7 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 84.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Rancher Github.com Rancher Rancher

Timeline

PublishedOct 16

Latest updateOct 28

Description

A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5suse/rancher2.7.0 — 2.7.14+1

▶Gogithub.com/rancher_rancher2.7.0 — 2.7.14+3

🔴Vulnerability Details

OSV

Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rancher↗2024-10-28

▶

OSV

Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists↗2024-10-25

▶

CVEList

Rancher's External RoleTemplates can lead to privilege escalation↗2024-10-16

▶

OSV

Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher↗2024-06-28

▶

GHSA

Rancher's External RoleTemplates can lead to privilege escalation↗2024-06-17

▶