Vulnerabilities > Suse > Rancher > 2.7.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2020-10676 | Incorrect Authorization vulnerability in Suse Rancher In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project. | 8.8 |
| 2023-06-01 | CVE-2022-43760 | Cross-site Scripting vulnerability in Suse Rancher An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. | 8.4 |
| 2023-06-01 | CVE-2023-22647 | Unspecified vulnerability in Suse Rancher An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. low complexity suse | 8.0 |
| 2023-06-01 | CVE-2023-22648 | Unspecified vulnerability in Suse Rancher 2.6.10/2.7.0/2.7.1 A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. | 8.8 |
| 2023-05-04 | CVE-2023-22651 | Improper Privilege Management vulnerability in Suse Rancher Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. | 9.9 |