CVE-2023-22647

01.06.2023, 13:15

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local
cluster, resulting in the secret being deleted, but their read-level
permissions to the secret being preserved. When this operation was
followed-up by other specially crafted commands, it could result in the
user gaining access to tokens belonging to service accounts in the local cluster.

This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.9 CRITICAL	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
suse	CNA	9.9 CRITICAL	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Vendor	Product	Version
suse	rancher	2.6.0 ≤ 𝑥 < 2.6.13
suse	rancher	2.7.0 ≤ 𝑥 < 2.7.4

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-267 - Privilege Defined With Unsafe Actions
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647

https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647

https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6