CVE-2023-32199
published 2025-10-29

Priority: P4, 22
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
EPSS: 0.21% (11.0th percentile)

A vulnerability has been identified within Rancher Manager: after a custom GlobalRole that gives administrative access, or the corresponding binding, is removed, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or a * on * rule for non-resource URLs.

Affected (2 ranges)

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| github.com | rancher_rancher | >= 0 < 0.0.0-20251014212116-7faa74a968c2 | 0.0.0-20251014212116-7faa74a968c2 |
| suse | rancher | < 0.0.0-20251014212116-7faa74a968c2 | 0.0.0-20251014212116-7faa74a968c2 |