Vulnerability DatabaseCVE-2023-32191
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-32191
October 16, 2024
When RKE provisions a cluster, it stores the cluster state in a configmap called \"full-cluster-state\" inside the \"kube-system\" namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include sensitive data.
Related Resources (6)
https://github.com/rancher/rke/security/advisories/GHSA-6gr4-52w6-vmqx
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32191
https://github.com/rancher/rke
https://github.com/rancher/rke/commit/cf49199481a1891909acb1384eed73a5c987d5bd
https://nvd.nist.gov/vuln/detail/CVE-2023-32191
https://github.com/rancher/rke/commit/f7485b8dce376db0fc15a7c3ceb3de7029c8d0cf
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.4
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
9.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Insecure Storage of Sensitive Information
CWE-922
EPSS
Base Score:
0.20