SUSE · SUSE Rancher · CVE-2023-22648
**Name of the Vulnerable Software and Affected Versions**
SUSE Rancher versions 2.6.7 through 2.6.12
SUSE Rancher versions 2.7.0 through 2.7.3
**Description**
The issue is improper privilege management: changes to a user's Azure AD permissions are not reflected in the Rancher UI while that user is logged in. A logged-in user keeps their previous permissions even after their group membership changes in Azure AD, for example when they are moved to a lower-privileged group or removed from a group. As a result, the user retains access to Rancher instead of losing it.
**Recommendations**
For SUSE Rancher versions 2.6.7 through 2.6.12, update to version 2.6.13 or later.
For SUSE Rancher versions 2.7.0 through 2.7.3, update to version 2.7.4 or later.