Non-admin users can escalate to admin rights via configmap
CVE-2023-32191

9.9CRITICAL

Key Information:

Vendor: Suse
Status: Rke
Vendor: CVE Published:; 16 October 2024

Summary

A security vulnerability exists within Rancher's RKE where sensitive cluster state information is stored in a configmap named full-cluster-state within the kube-system namespace. This misconfiguration enables non-admin users to gain elevated privileges by exploiting the accessible data. As a result, unauthorized users could potentially alter critical configurations or gain administrative control over the Kubernetes cluster. Securing access to the cluster's configmap is essential to ensure that only authorized personnel can interact with these sensitive settings and to safeguard the overall integrity of the RKE deployment.

Affected Version(s)

rke 1.4.18 < 1.4.19

rke 1.5.9 < 1.5.10

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32191

https://github.com/rancher/rke/security/advisories/GHSA-6...

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 16, 2024
Vulnerability Reserved
May 4, 2023