CVE-2023-32197

CWE-269 — Improper Privilege Management CWE-732 — Incorrect Permission Assignment7 documents4 sources

Severity

7.5HIGH

EPSS

0.0%

top 94.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Rancher Github.com Rancher/rancher

Timeline

PublishedApr 16

Description

A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5suse/rancher2.7.0 — 2.7.14+1

▶Gogithub.com/rancher/rancher2.7.0 — 2.8.9+3

🔴Vulnerability Details

CVEList

Rancher's External RoleTemplates can lead to privilege escalation↗2025-04-16

▶

OSV

Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists in github.com/rancher/rancher↗2024-10-28

▶

GHSA

Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists↗2024-10-25

▶

OSV

Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists↗2024-10-25

▶

OSV

Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher↗2024-06-28

▶