Privilege Escalation Vulnerability in RoleTemplateObjects
CVE-2023-32196
6.6 MEDIUM
Summary
A vulnerability has been identified in Rancher in which the privilege escalation checks for RoleTemplate objects are not adequately enforced when the external attribute is set to true. In certain scenarios this flaw can allow unauthorized users to escalate their privileges, exposing sensitive resources and compromising the integrity of the environment. Rancher users and administrators should be aware of this issue, review their configurations, and implement recommended security practices to mitigate the effects of this vulnerability.
Affected Version(s)
rancher >= 2.7.0, < 2.7.14
rancher >= 2.8.0, < 2.8.5
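For the configuration review mentioned in the summary, the following added example (not part of the advisory or of Rancher's own code) checks a Rancher version against the two ranges listed above and lists RoleTemplate objects that have external set to true. It assumes the input is the JSON that kubectl returns for roletemplates.management.cattle.io; the sample objects and their names are constructed.

```python
import json
import re

# Affected ranges from this advisory: (first affected, first fixed) per release line.
AFFECTED = [((2, 7, 0), (2, 7, 14)), ((2, 8, 0), (2, 8, 5))]

def parse_version(text):
    """Parse 'v2.7.9' or '2.7.9' into (2, 7, 9); any suffix after the patch number is ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version):
    """Numeric tuple comparison, so 2.7.9 sorts below 2.7.14 (a string compare would not)."""
    v = parse_version(version)
    return any(first <= v < fixed for first, fixed in AFFECTED)

def external_role_templates(doc):
    """Return (name, context, rules) for every RoleTemplate with external set to true."""
    items = doc.get("items", [doc])  # accept a list document or a single object
    found = []
    for item in items:
        if item.get("kind") == "RoleTemplate" and item.get("external") is True:
            found.append((item["metadata"]["name"], item.get("context", ""), item.get("rules", [])))
    return found

# Constructed sample, shaped like the JSON list kubectl returns for RoleTemplates.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "RoleTemplate", "metadata": {"name": "rt-ext-admin"}, "context": "cluster",
   "external": true, "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
  {"kind": "RoleTemplate", "metadata": {"name": "rt-viewer"}, "context": "project",
   "external": false, "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get"]}]},
  {"kind": "RoleTemplate", "metadata": {"name": "rt-no-flag"}, "context": "project"}
]}
""")

if __name__ == "__main__":
    for version in ("v2.7.9", "v2.7.14", "v2.8.4", "v2.8.5"):
        print(version, "affected" if is_affected(version) else "not in the listed ranges")
    for name, context, rules in external_role_templates(SAMPLE):
        print(f"review {name} (context={context}): {len(rules)} rule(s)")
```

Each RoleTemplate it reports should be reviewed for who created it and what its rules grant.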
CVSS V3.1
Score: 6.6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged