PT-2024-12303 · Rancher · Rancher
Pdellamore · Published 2024-06-17 · Updated 2024-10-28 · CVE-2023-32196
CVSS v4.0: 7.5 (High)
Vector: AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Rancher versions 2.7.0 through 2.7.13
Rancher versions 2.8.0 through 2.8.4
Description
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplate objects when external=true, which in specific scenarios can lead to privilege escalation.
Recommendations
For Rancher versions 2.7.0 through 2.7.13, update to version 2.7.14 or later.
For Rancher versions 2.8.0 through 2.8.4, update to version 2.8.5 or later.
As a temporary workaround, consider restricting access to External RoleTemplates to minimize the risk of exploitation.
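To support the upgrade and workaround steps above, the following added example (not code from Rancher or from this advisory's author) checks a Rancher version against the affected ranges listed here and inventories RoleTemplates with external=true so access to them can be reviewed. It assumes the input is the JSON from `kubectl get roletemplates.management.cattle.io -o json`; the sample data and version strings are constructed.

```python
import json

# Affected ranges and fixed releases exactly as listed in this advisory.
AFFECTED = [((2, 7, 0), (2, 7, 13), "2.7.14"), ((2, 8, 0), (2, 8, 4), "2.8.5")]

def fixed_version_for(version):
    """Return the release to upgrade to, or None if version is not affected."""
    core = version.lstrip("v").split("-")[0]          # drop "v" prefix and any "-rc1" suffix
    parts = [int(p) for p in core.split(".")]
    v = tuple((parts + [0, 0, 0])[:3])                # pad "2.8" to (2, 8, 0)
    for low, high, fixed in AFFECTED:
        if low <= v <= high:
            return fixed
    return None

def external_role_templates(doc):
    """Return (name, context, rule count) for each RoleTemplate with external=true."""
    found = []
    for item in doc.get("items", []):
        if item.get("external") is True:
            rules = item.get("rules") or []
            found.append((item["metadata"]["name"], item.get("context", ""), len(rules)))
    return sorted(found)

# Constructed sample, shaped like `kubectl get roletemplates.management.cattle.io -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "rt-example-external"}, "context": "cluster", "external": true,
   "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
  {"metadata": {"name": "rt-example-internal"}, "context": "project", "external": false,
   "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
  {"metadata": {"name": "rt-example-norules"}, "context": "cluster", "external": true}
]}
""")

if __name__ == "__main__":
    for ver in ("v2.7.13", "v2.8.5"):                 # constructed version strings
        fix = fixed_version_for(ver)
        print(ver, "-> upgrade to " + fix if fix else "-> not in an affected range")
    for name, context, n_rules in external_role_templates(SAMPLE):
        print(f"external RoleTemplate {name} (context={context}, rules={n_rules}): review who can use it")
```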
Fix
Incorrect Permission
Improper Privilege Management
Affected Products
Rancher