CVE-2023-32197 | THREATINT

Description

A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.

PUBLISHED Reserved 2023-05-04 | Published 2025-04-16 | Updated 2026-02-26 | Assigner suse

MEDIUM: 6.6CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

HIGH: 7.5CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-269: Improper Privilege Management

Product status

Default status

unaffected

2.7.0 (semver) before 2.7.14

affected

2.8.0 (semver) before 2.8.5

affected

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32197

github.com/...ancher/security/advisories/GHSA-64jq-m7rq-768h

cve.org (CVE-2023-32197)

nvd.nist.gov (CVE-2023-32197)

Download JSON