Privilege Escalation in Rancher Manager by SUSE
CVE-2023-32199

4.3MEDIUM

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 29 October 2025

What is CVE-2023-32199?

A security issue has been discovered in Rancher Manager, where users can still access clusters even after a custom GlobalRole providing administrative privileges is removed. This vulnerability arises specifically with Global Roles that employ wildcard rules for resource access, enabling unauthorized retention of cluster access, thereby compromising security integrity.

Affected Version(s)

rancher 0 < 0.0.0-20251014212116-7faa74a968c2

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32199

https://github.com/rancher/rancher/security/advisories/GH...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2025
Vulnerability Reserved
May 4, 2023

JSON

Suse

What is CVE-2023-32199?

Affected Version(s)

References

CVSS V3.1

Timeline