CVE-2023-32197
Published 2025-04-16
Priority P3 · 36 · Medium 6.6 (CVSS 3.1) · AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS 0.51% (39.5th percentile)
An Improper Privilege Management vulnerability in SUSE rancher in RoleTemplate objects when external=true is set can lead to privilege escalation in specific scenarios. This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.7.0 < 2.8.9 | 2.8.9 |
| github.com | rancher_rancher | >= 2.7.0 < 2.7.14 | 2.7.14 |
| github.com | rancher_rancher | >= 2.8.0 < 2.8.5 | 2.8.5 |
| github.com | rancher_rancher | >= 2.9.0 < 2.9.3 | 2.9.3 |
| github.com | rancher_rke2 | >= 1.27.0 < 1.27.15 | 1.27.15 |
| github.com | rancher_rke2 | >= 1.28.0 < 1.28.11 | 1.28.11 |
| github.com | rancher_rke2 | >= 1.29.0 < 1.29.6 | 1.29.6 |
| github.com | rancher_rke2 | >= 1.30.0 < 1.30.2 | 1.30.2 |
| suse | rancher | >= 2.7.0 < 2.7.14 | 2.7.14 |
| suse | rancher | >= 2.8.0 < 2.8.5 | 2.8.5 |

Read this table with care: only the rows fixed in 2.7.14 and 2.8.5 belong to the RoleTemplate issue described above. The rows fixed in 2.8.9 and 2.9.3 match the Windows-node ACL advisory aggregated further down this page, and the rancher_rke2 rows can only come from the RKE2 variant of that advisory, since nothing else on this page concerns RKE2. A scanner keyed on this table will therefore flag hosts for either issue.
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.6 | Medium | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| NVD | 4.0 | 7.5 | High | CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| GHSA | | 7.5 | High | |
| OSV | | 7.5 | High | |

Both NVD vectors carry PR:H and AC:H: the escalation needs an already-privileged Rancher account and the specific RoleTemplate configuration described below.
OSV · 2024-10-28
CVE-2023-32196: Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rancher.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher from v2.7.0 before v2.8.9, from v2.9.0 before v2.9.3.
OSV / GHSA · 2024-10-25 · CVSS 7.5
[HIGH] CWE-269: RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists
### Impact
A vulnerability has been identified whereby RKE2 deployments in Windows nodes have weak Access Control Lists (ACL), allowing `BUILTIN\Users` or `NT AUTHORITY\Authenticated Users` to view or edit sensitive files which could lead to privilege escalation.
The affected files include binaries, scripts, configuration and log files:
```
C:\etc\rancher\node\password
C:\var\lib\rancher\rke2\agent\logs\kubelet.log
C:\var\lib\rancher\rke2\data\v1.**.**-rke2r*-windows-amd64-*\bin\*
C:\var\lib\rancher\rke2\bin\*
```
**This vulnerability is exclusive to RKE2 in Windows environments. Linux environments are not affected by it.**
Please consult the associated [MITRE ATT&CK - Technique - Exploitation for
GHSA / OSV · 2024-10-25
CVE-2023-32197 [CRITICAL] CWE-269: Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists
### Impact
A vulnerability has been identified whereby Rancher Manager deployments containing Windows nodes have weak Access Control Lists (ACL), allowing `BUILTIN\Users` or `NT AUTHORITY\Authenticated Users` to view or edit sensitive files which could lead to privilege escalation.
The affected files include binaries, scripts, configuration and log files:
```
C:\etc\rancher\wins\config
C:\var\lib\rancher\agent\rancher2_connection_info.json
C:\etc\rancher\rke2\config.yaml.d\50-rancher.yaml
C:\var\lib\rancher\agent\applied\*-*-applied.plan
C:\usr\local\bin\rke2
C:\var\lib\rancher\capr\idempotence\idempotent.sh
```
RKE2 nodes expand the list to include the files below:
```
C:\etc\rancher\node\passw
```
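The advisory lists which files carry the weak ACLs but not how to check them. The following is an added auditing example, not code from Rancher or RKE2: a small Go parser that takes the text `icacls <path>` prints for one file and flags every allow ACE held by `BUILTIN\Users` or `NT AUTHORITY\Authenticated Users`, separating read-only grants from writable ones. It covers both the Rancher and the RKE2 file lists on this page. The icacls samples are constructed, `Everyone` is included as an extra low-privileged principal by assumption, and the write-class abbreviations are those icacls prints for simple and specific rights; the path is stripped exactly as given so names containing spaces still parse.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is one allow ACE on an audited file held by a low-privileged principal.
type Finding struct {
	Path, Principal string
	Rights          string // raw icacls rights text, e.g. "(I)(F)"
	Writable        bool   // the ACE lets the principal change the file
}

// lowPrivPrincipals are the identities the advisory names, lower-cased for
// comparison; "everyone" is an assumption added here because it is broader still.
var lowPrivPrincipals = map[string]bool{
	`builtin\users`: true, `nt authority\authenticated users`: true, `everyone`: true,
}

// writeTokens are the icacls simple and specific-right abbreviations that let a
// principal change a file's data, attributes, or security descriptor.
var writeTokens = map[string]bool{
	"F": true, "M": true, "W": true, "D": true, "DE": true, "WD": true, "AD": true,
	"WA": true, "WEA": true, "DC": true, "WDAC": true, "WO": true, "GW": true, "GA": true,
}

// rightsAllowWrite splits rights such as "(OI)(CI)(RX,WD)" into tokens and
// reports whether any token is a write-class right.
func rightsAllowWrite(rights string) bool {
	for _, t := range strings.FieldsFunc(rights, func(r rune) bool { return r == '(' || r == ')' || r == ',' }) {
		if writeTokens[t] {
			return true
		}
	}
	return false
}

// AuditFileACL takes the path given to `icacls <path>` for a single file and the
// text icacls printed, and returns every allow ACE held by a low-privileged
// principal. icacls prints "<path> <first ACE>", then one indented line per
// further ACE, then a blank line and a "Successfully processed" summary.
func AuditFileACL(path, output string) []Finding {
	var findings []Finding
	for n, raw := range strings.Split(output, "\n") {
		line := strings.TrimRight(raw, "\r")
		ace := strings.TrimSpace(line)
		if ace == "" {
			break // the blank line ends the ACE list
		}
		if n == 0 {
			// Strip the exact path we asked about, so spaces in the path or in a
			// principal name cannot confuse the split.
			if !strings.HasPrefix(line, path) {
				break
			}
			ace = strings.TrimSpace(line[len(path):])
		}
		sep := strings.Index(ace, ":(")
		if sep < 0 || strings.Contains(ace, "(DENY)") {
			continue // not an ACE, or a deny ACE, which grants nothing
		}
		principal, rights := strings.TrimSpace(ace[:sep]), ace[sep+1:]
		if !lowPrivPrincipals[strings.ToLower(principal)] {
			continue
		}
		findings = append(findings, Finding{Path: path, Principal: principal,
			Rights: rights, Writable: rightsAllowWrite(rights)})
	}
	return findings
}

// Constructed icacls output (not captured from a real host): the weak pre-fix ACL
// on a Rancher config file, a hardened ACL on the same file, and an RKE2 log that
// low-privileged users can read but not write.
const weakConfig = `C:\etc\rancher\wins\config BUILTIN\Users:(I)(F)
                           NT AUTHORITY\SYSTEM:(I)(F)
                           BUILTIN\Administrators:(I)(F)

Successfully processed 1 files; Failed processing 0 files
`
const hardenedConfig = `C:\etc\rancher\wins\config NT AUTHORITY\SYSTEM:(I)(F)
                           BUILTIN\Administrators:(I)(F)

Successfully processed 1 files; Failed processing 0 files
`
const readableLog = `C:\var\lib\rancher\rke2\agent\logs\kubelet.log NT AUTHORITY\Authenticated Users:(I)(RX)
                                               NT AUTHORITY\SYSTEM:(I)(F)

Successfully processed 1 files; Failed processing 0 files
`

func main() {
	for _, s := range []struct{ path, out string }{
		{`C:\etc\rancher\wins\config`, weakConfig}, {`C:\etc\rancher\wins\config`, hardenedConfig},
		{`C:\var\lib\rancher\rke2\agent\logs\kubelet.log`, readableLog},
	} {
		for _, f := range AuditFileACL(s.path, s.out) {
			fmt.Printf("%s: %s has %s (writable=%v)\n", f.Path, f.Principal, f.Rights, f.Writable)
		}
	}
}
```

On a real node you would run `icacls` over each path in the advisory (expanding the wildcard directories file by file) and feed the output to `AuditFileACL`; any finding with `Writable` true on a binary or script is the escalation path the advisory describes, and a read-only finding on `C:\etc\rancher\node\password` or the connection-info JSON is still a credential exposure.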
OSV · 2024-06-28
CVE-2023-32196: Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher from v2.7.0 before v2.7.14, from v2.8.0 before v2.8.5.
GHSA / OSV · 2024-06-17
CVE-2023-32196 [HIGH] CWE-269: Rancher's External RoleTemplates can lead to privilege escalation
### Impact
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for `RoleTemplate` objects when `external=true`, which in specific scenarios can lead to privilege escalation.
The bug in the webhook rule resolver ignores rules from a `ClusterRole` for external `RoleTemplates` when its context is set to either `project` or is left empty. The fix introduces a new field to the `RoleTemplate` CRD named `ExternalRules`. The new field will be used to resolve rules directly from the `RoleTemplate`. Additionally, rules from the backing `ClusterRole` will be used if `ExternalRules` is not provided. The new field will always take precedence when it is set, and serve as the source of truth for
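To make the failure mode concrete, here is an added Go model of the rule resolver and the escalation check. It is not rancher/webhook code; the types, function names and the `secrets-admin` ClusterRole are constructed for illustration. It shows why skipping the ClusterRole lookup is an escalation rather than a denial: the webhook compares the requester's rights against the template's resolved rules, and when that set comes back empty the comparison passes vacuously, so a project member who can only read pods can bind a template that actually carries full rights on secrets.

```go
package main

import "fmt"

// PolicyRule is a reduced Kubernetes RBAC rule: verbs on resources (API groups
// and resource names are left out to keep the model small).
type PolicyRule struct {
	Verbs, Resources []string
}

// RoleTemplate is a hypothetical, reduced model of Rancher's RoleTemplate CRD
// carrying only the fields the advisory discusses.
type RoleTemplate struct {
	Name          string
	Context       string       // "cluster", "project" or "" (empty)
	External      bool         // rules live in a ClusterRole of the same name
	Rules         []PolicyRule // used when External is false
	ExternalRules []PolicyRule // field added by the fix; wins when set
}

// backingClusterRoles stands in for the ClusterRole objects that external
// RoleTemplates point at. Constructed for this example.
var backingClusterRoles = map[string][]PolicyRule{
	"secrets-admin": {{Verbs: []string{"*"}, Resources: []string{"secrets"}}},
}

// resolveRulesBuggy models the pre-fix resolver the advisory describes: for an
// external RoleTemplate whose context is "project" or empty, the backing
// ClusterRole is never consulted, so the template appears to grant nothing.
func resolveRulesBuggy(rt RoleTemplate) []PolicyRule {
	if !rt.External {
		return rt.Rules
	}
	if rt.Context == "cluster" {
		return backingClusterRoles[rt.Name]
	}
	return nil
}

// resolveRulesFixed models the fixed behaviour: ExternalRules is the source of
// truth when set; otherwise the backing ClusterRole's rules are used whatever
// the context.
func resolveRulesFixed(rt RoleTemplate) []PolicyRule {
	if !rt.External {
		return rt.Rules
	}
	if len(rt.ExternalRules) > 0 {
		return rt.ExternalRules
	}
	return backingClusterRoles[rt.Name]
}

// matches reports whether list contains want or the wildcard "*".
func matches(list []string, want string) bool {
	for _, s := range list {
		if s == "*" || s == want {
			return true
		}
	}
	return false
}

// covers reports whether every verb/resource pair in wanted is already held in
// owned. Note the failure mode: an empty wanted is vacuously covered.
func covers(owned, wanted []PolicyRule) bool {
	for _, w := range wanted {
		for _, verb := range w.Verbs {
			for _, res := range w.Resources {
				held := false
				for _, o := range owned {
					if matches(o.Verbs, verb) && matches(o.Resources, res) {
						held = true
						break
					}
				}
				if !held {
					return false
				}
			}
		}
	}
	return true
}

// mayBind is the escalation check: a requester may only create or bind a
// RoleTemplate whose resolved rules are a subset of what they already hold.
func mayBind(requester []PolicyRule, rt RoleTemplate, resolve func(RoleTemplate) []PolicyRule) bool {
	return covers(requester, resolve(rt))
}

func main() {
	requester := []PolicyRule{{Verbs: []string{"get", "list"}, Resources: []string{"pods"}}}
	rt := RoleTemplate{Name: "secrets-admin", Context: "project", External: true}
	fmt.Println("pre-fix resolver allows bind:", mayBind(requester, rt, resolveRulesBuggy)) // true
	fmt.Println("fixed resolver allows bind:", mayBind(requester, rt, resolveRulesFixed))   // false
}
```

Run it with `go run`: the pre-fix line prints `true` (the bind goes through and the requester gains the ClusterRole's secrets rights) and the fixed line prints `false`. Templates with `Context: "cluster"` resolve correctly under both resolvers, which is why the advisory scopes the bug to project or empty context.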
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.