PT-2023-3760 · Suse · Suse Rancher

Macedog · Published 2023-04-17 · Updated 2024-10-09 · CVE-2023-22647

CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SUSE Rancher versions 2.6.0 through 2.6.12
SUSE Rancher versions 2.7.0 through 2.7.3

Description
The issue stems from improper privilege management in SUSE Rancher, which allows standard users to manipulate Kubernetes secrets in the local cluster. As a result, such a user can gain access to tokens belonging to service accounts in the local cluster. Users with custom global roles that grant create and delete permissions on secrets can also exploit this issue. To identify possible abuse, users with audit logs enabled can filter for kind: Secret with type: provisioning.cattle.io/cloud-credential and investigate the log entries affecting that resource.

Recommendations
For SUSE Rancher versions 2.6.0 through 2.6.12, update to version 2.6.13 or later. For SUSE Rancher versions 2.7.0 through 2.7.3, update to version 2.7.4 or later. After patching, review all access paths to Rancher, including RBAC policies, tokens, and host-level node access, to ensure no changes were made that would let users who leveraged this issue persist their access.
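The audit-log check described above can be scripted. The following is an added example written for this page; it is not code from the advisory, from SUSE, or from Rancher. It assumes the audit log is a file of one JSON event per line in the Kubernetes audit-event shape (objectRef, verb, user, requestObject) recorded at a level that includes the request body, since the Secret's type field lives in that body; the sample log lines, user names and namespace below are constructed for illustration.

```python
import json
from collections import Counter
from typing import Iterable, Optional

# Secret type named in the advisory as the one to filter on.
CLOUD_CREDENTIAL_TYPE = "provisioning.cattle.io/cloud-credential"

# The advisory calls out create and delete; update/patch are included
# because a rewritten Secret body is just as relevant when triaging.
WRITE_VERBS = {"create", "delete", "update", "patch"}


def secret_type(event: dict) -> Optional[str]:
    """Return the Secret's .type from the logged request or response body.

    Returns None when the body was not logged (audit level too low) or
    when the object is not a Secret.
    """
    for key in ("requestObject", "responseObject"):
        body = event.get(key) or {}
        if body.get("kind") == "Secret" and body.get("type"):
            return body["type"]
    return None


def find_cloud_credential_secret_events(lines: Iterable[str]) -> list:
    """Filter audit events down to writes on cloud-credential Secrets.

    Each hit keeps the fields an analyst needs to follow up: who did it,
    which verb, which Secret, and when.
    """
    hits = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # non-JSON line (e.g. a banner); skip, do not abort the scan
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != "secrets":
            continue
        if ev.get("verb") not in WRITE_VERBS:
            continue
        if secret_type(ev) != CLOUD_CREDENTIAL_TYPE:
            continue
        hits.append({
            "time": ev.get("requestReceivedTimestamp"),
            "user": (ev.get("user") or {}).get("username"),
            "verb": ev["verb"],
            "namespace": ref.get("namespace"),
            "name": ref.get("name"),
        })
    return hits


def writes_per_user(hits: list) -> Counter:
    """Count write events per user; a standard user with many hits stands out."""
    return Counter(h["user"] for h in hits)


# Constructed sample audit log (hypothetical users and Secret names).
SAMPLE_LOG = "\n".join([
    json.dumps({"kind": "Event", "verb": "create",
                "requestReceivedTimestamp": "2023-04-01T10:00:00Z",
                "user": {"username": "u-standard"},
                "objectRef": {"resource": "secrets", "namespace": "cattle-global-data", "name": "cc-example1"},
                "requestObject": {"kind": "Secret", "type": CLOUD_CREDENTIAL_TYPE}}),
    json.dumps({"kind": "Event", "verb": "get",
                "requestReceivedTimestamp": "2023-04-01T10:01:00Z",
                "user": {"username": "u-standard"},
                "objectRef": {"resource": "secrets", "namespace": "cattle-global-data", "name": "cc-example1"}}),
    json.dumps({"kind": "Event", "verb": "create",
                "requestReceivedTimestamp": "2023-04-01T10:02:00Z",
                "user": {"username": "u-admin"},
                "objectRef": {"resource": "secrets", "namespace": "default", "name": "app-config"},
                "requestObject": {"kind": "Secret", "type": "Opaque"}}),
    "not a json line",
    json.dumps({"kind": "Event", "verb": "delete",
                "requestReceivedTimestamp": "2023-04-01T10:03:00Z",
                "user": {"username": "u-standard"},
                "objectRef": {"resource": "secrets", "namespace": "cattle-global-data", "name": "cc-example2"},
                "responseObject": {"kind": "Secret", "type": CLOUD_CREDENTIAL_TYPE}}),
])


if __name__ == "__main__":
    found = find_cloud_credential_secret_events(SAMPLE_LOG.splitlines())
    for h in found:
        print(h)
    print(writes_per_user(found))
```

Run it against a real audit log with `find_cloud_credential_secret_events(open("audit.log"))`; every hit is a Secret write worth cross-checking against the role and token review the recommendations call for, and any hit made by a user who should not hold create/delete on secrets is the case to investigate.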

Fix

Weakness Enumeration
Improper Preservation of Permissions
Improper Privilege Management

Related Identifiers

BDU:2023-04049
CVE-2023-22647
GHSA-P976-H52C-26P6

Affected Products

Suse Rancher