Upstream information
Description
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead tothe misconfiguration of the Webhook. This component enforces validation
rules and security checks before resources are admitted into the
Kubernetes cluster.
The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.
Upstream Security Advisories:
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
| CNA (CISA-ADP) | CNA (SUSE) | National Vulnerability Database | |
|---|---|---|---|
| Base Score | 9.9 | 9.9 | 9.9 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Attack Vector | Network | Network | Network |
| Attack Complexity | Low | Low | Low |
| Privileges Required | Low | Low | Low |
| User Interaction | None | None | None |
| Scope | Changed | Changed | Changed |
| Confidentiality Impact | High | High | High |
| Integrity Impact | High | High | High |
| Availability Impact | High | High | High |
| CVSSv3 Version | 3.1 | 3.1 | 3.1 |
SUSE Security Advisories:
- GHSA-6m9f-pj6w-w87g, published Mon Apr 24 20:43:29 CEST 2023
SUSE Timeline for this CVE
CVE page created: Tue Apr 18 22:00:55 2023CVE page last modified: Thu Jan 30 17:54:19 2025