Mend.io Vulnerability Database
CVE-2023-22651
May 04, 2023
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may leave the Webhook misconfigured. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster, so a misconfigured Webhook means those checks may not be applied. The issue only affects users who upgraded from 2.6.x or 2.7.x to 2.7.2. Users who did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.
Affected Packages
github.com/rancher/rancher (GO): affected version(s) >=v2.7.2 <v2.7.3 / fix suggestion: update to version v2.7.3
github.com/rancher/rancher (GO): affected version(s) >=v0.0.0-20220922131902-ec6d6d3a7616 <v0.0.0-20230424183121-6d9a175954c6 / fix suggestion: update to version v0.0.0-20230424183121-6d9a175954c6
CVSS v4
Base Score: 9.4
Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: LOW
User Interaction: NONE
Vulnerable System Confidentiality: HIGH
Vulnerable System Integrity: HIGH
Vulnerable System Availability: HIGH
Subsequent System Confidentiality: HIGH
Subsequent System Integrity: HIGH
Subsequent System Availability: HIGH
CVSS v3
Base Score: 9.9
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
Weakness Type (CWE)
Improper Privilege Management
Incorrect Default Permissions
EPSS
Score: 0.39