CVE-2023-32199

EUVD-2023-36458
A vulnerability has been identified within Rancher 
Manager, where after removing a custom GlobalRole that gives 
administrative access or the corresponding binding, the user still 
retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
suseCNA
4.3 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32199
https://github.com/rancher/rancher/security/advisories/GHSA-j4vr-pcmw-hx59