PT-2023-18602 · Suse · Suse Rancher

Yvespp

Publicado

2023-06-01

Atualizado

2026-03-03

CVE-2023-22648

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SUSE Rancher versions 2.6.7 through 2.6.12 SUSE Rancher versions 2.7.0 through 2.7.3

Description The issue is related to improper privilege management, where changes in Azure AD permissions are not reflected in the Rancher UI for logged-in users. This means users retain their previous permissions, even if their group membership changes in Azure AD, such as being moved to a lower-privileged group or being removed from a group. As a result, users retain access to Rancher instead of losing it.

Recommendations For SUSE Rancher versions 2.6.7 through 2.6.12, update to version 2.6.13 or later. For SUSE Rancher versions 2.7.0 through 2.7.3, update to version 2.7.4 or later.

Correção

Session Fixation

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-384CWE-271CWE-269

Identificadores relacionados

CVE-2023-22648

GHSA-VF6J-6739-78M8

Produtos afetados

Suse Rancher

PT-2023-18602 · Suse · Suse Rancher

CVE-2023-22648

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6