Rancher · Rancher · CVE-2020-10676
**Name of the Vulnerable Software and Affected Versions**
Rancher versions 2.x through 2.6.12
Rancher versions 2.7.x through 2.7.3
**Description**
Users with certain access to a namespace can move that namespace to a different project. Doing so can give them access to project-specific resources and can cause availability issues due to quota limits. Users with roles such as `Project Owner` and `Project Member` on the source project, or custom roles with similar privileges, can exploit this. The root cause is an incorrectly applied authorization check.
**Recommendations**
For Rancher versions 2.x through 2.6.12, update to version 2.6.13 or later.
For Rancher versions 2.7.x through 2.7.3, update to version 2.7.4 or later.
As a temporary workaround, consider restricting access to namespace move operations to minimize the risk of exploitation.
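To monitor for namespace moves until the upgrade is in place, the following added example (not part of the original advisory and not Rancher's own code) scans Kubernetes audit events for successful namespace writes that set the `field.cattle.io/projectId` annotation to a project other than the expected one. It assumes audit logging at the Request level or higher, so that `requestObject` is recorded, and a baseline namespace-to-project inventory; the function names, IDs, users and namespaces in the sample are constructed placeholders.

```python
import json

# Annotation Rancher sets on a namespace to bind it to a project.
PROJECT_ANNOTATION = "field.cattle.io/projectId"

def find_project_moves(audit_lines, baseline):
    """Flag successful namespace writes that bind a namespace to an unexpected project."""
    # baseline: namespace -> expected project ID (assumed inventory, not mutated)
    known, findings = dict(baseline), []
    for line in audit_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != "namespaces" or ev.get("verb") not in ("update", "patch"):
            continue
        status = (ev.get("responseStatus") or {}).get("code", 0)
        if ev.get("stage") != "ResponseComplete" or not 200 <= status < 300:
            continue  # only completed, successful writes change the project
        req = ev.get("requestObject")  # a JSON Patch body is a list and is not covered
        meta = (req.get("metadata") or {}) if isinstance(req, dict) else {}
        annotations = meta.get("annotations") or {}
        if PROJECT_ANNOTATION not in annotations:
            continue  # write did not touch the project binding
        ns, new = ref.get("name"), annotations[PROJECT_ANNOTATION]
        if new != known.get(ns):
            findings.append({"namespace": ns, "from": known.get(ns), "to": new,
                             "user": (ev.get("user") or {}).get("username")})
        known[ns] = new  # later events are compared against the new binding
    return findings

def _event(verb, user, ns, code, annotations):
    """Build one constructed audit event line for the sample below."""
    return json.dumps({"stage": "ResponseComplete", "verb": verb,
                       "user": {"username": user}, "responseStatus": {"code": code},
                       "objectRef": {"resource": "namespaces", "name": ns},
                       "requestObject": {"metadata": {"annotations": annotations}}})

# Constructed sample data: IDs, users and namespaces are placeholders.
BASELINE = {"payments": "c-example:p-aaaaa", "web": "c-example:p-bbbbb"}
SAMPLE = [
    _event("update", "u-member", "payments", 200, {PROJECT_ANNOTATION: "c-example:p-bbbbb"}),
    _event("patch", "u-member", "web", 403, {PROJECT_ANNOTATION: "c-example:p-aaaaa"}),
    _event("update", "u-owner", "web", 200, {"team": "frontend"}),
    "{truncated",
]

if __name__ == "__main__":
    for finding in find_project_moves(SAMPLE, BASELINE):
        print(finding)
```

Each finding should be reviewed against approved change records, since administrators also move namespaces legitimately.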