Naming Privilege Abuse Vulnerability

CVE-2023-32194

7.2 HIGH

Key Information

Vendor
Suse
Status
Rancher
Vendor
CVE Published: 16 October 2024

Summary

A vulnerability has been identified in how global roles are granted: when a global role grants the create or * verb on the resource type "namespaces", the subject receives * permissions for core namespaces, no matter which API group the rule specifies. As a result, the subject can access, create, update, or delete a namespace in the project.

Affected Version(s)

rancher < 2.6.14

rancher < 2.7.10

rancher < 2.8.2

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database