CVE-2023-22651

EPSS 0.19%
Published 04.05.2023 08:15:22
Last modified 29.01.2025 17:15:22
Source meissner@suse.de
Teams watchlist Login
Open Login

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to
 the misconfiguration of the Webhook. This component enforces validation
 rules and security checks before resources are admitted into the 
Kubernetes cluster.
The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.

Affected products Warnungen 0 Metrics 4 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Suse ≫ Rancher Version >= 2.6.0 <= 2.7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.379

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
meissner@suse.de	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651

Vendor Advisory

Issue Tracking

https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g

Third Party Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2023-22651

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-22651

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-22651

EUVD