Improper Privilege Management in SUSE Rancher
CVE-2023-22651
9.9 CRITICAL
Summary
An improper privilege management issue has been identified in SUSE Rancher, which poses a risk of privilege escalation. This vulnerability stems from a flaw in the update logic of Rancher's admission Webhook, which could result in misconfiguration. The admission Webhook is crucial as it enforces validation rules and security checks for resources entering the Kubernetes cluster. Only users upgrading from versions 2.6.x or 2.7.x to 2.7.2 are potentially impacted; fresh installations of 2.7.2 are not affected.
Affected Version(s)
Rancher 2.6.0 <= 2.7.2
Rancher 2.7.3
CVSS V3.1
Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved