2.7.1

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

suse

NVD

Published: 2023-06-01

Updated: 2023-10-05

Summary

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it. This issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4.

Vulnerable Configurations

Part	Description	Count
Application	Suse Suse Rancher 2.7.0 Suse Rancher 2.7.1 Suse Rancher 2.6.10	15

References

https://github.com/rancher/rancher/security/advisories/GHSA-vf6j-6739-78m8
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648