CVE: Common Vulnerabilities and Exposures

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.

CWE 1 Total

CWE-269: CWE-269 Improper Privilege Management

CVSS 1 Total

Product Status

Versions 2 Total

Default Status: unaffected

affected

unaffected

References 2 Total

Updated: 2024-08-02

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651
external site
x_transferred
https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g
external site
x_transferred

Authorized Data Publishers