Home > Vulnerability Database > CVE-2022-31247

Mend.io Vulnerability Database

CVE-2022-31247

Date: September 7, 2022

An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.

Language: Go

Severity Score

9.1

Related Resources (4)

Url: https://bugzilla.suse.com/show_bug.cgi?id=1199730

Url: https://github.com/rancher/rancher/security/advisories/GHSA-6x34-89p7-95wg

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31247

Url: https://www.mend.io/vulnerability-database/CVE-2022-31247

Severity Score

9.1

Weakness Type (CWE)

Improper Authorization

CWE-285

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31247

Date: September 7, 2022

Language: Go

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?