CVE-2023-32199

A vulnerability has been identified within Rancher 
Manager, where after removing a custom GlobalRole that gives 
administrative access or the corresponding binding, the user still 
retains access to clusters.This only affects custom Global Roles thathave a * on * in * rule for resources or have a * on * rule for non-resource URLs
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
suseCNA
4.3 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32199
https://github.com/rancher/rancher/security/advisories/GHSA-j4vr-pcmw-hx59