CVE-2022-31247

🗓️ 07 Sep 2022 08:20:18Reported by suseType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 80 Views

Improper Authorization vulnerability in SUSE Rancher allows unauthorized project ownership

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2022-31247	19 Aug 202200:00	–	attackerkb
BDU FSTEC	The vulnerability of Kubernets Rancher cluster management software is related to deficiencies in the authentication process, which allows attackers to elevate their privileges.	9 Sep 202200:00	–	bdu_fstec
CNNVD	Rancher Labs Rancher 安全漏洞	7 Sep 202200:00	–	cnnvd
Cvelist	CVE-2022-31247 Rancher: Downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)	7 Sep 202208:20	–	cvelist
EUVD	EUVD-2022-52825	3 Oct 202520:07	–	euvd
Github Security Blog	Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)	3 Mar 202614:50	–	github
NVD	CVE-2022-31247	7 Sep 202209:15	–	nvd
OSV	GHSA-6X34-89P7-95WG Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)	3 Mar 202614:50	–	osv
Prion	Authorization	7 Sep 202209:15	–	prion
Positive Technologies	PT-2022-4713	7 Sep 202200:00	–	ptsecurity

NVD

Node

suse rancherRange2.5.0–2.5.16

suse rancherRange2.6.0–2.6.7

[
  {
    "product": "Rancher",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.6.7",
        "status": "affected",
        "version": "Rancher",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Rancher",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.5.16",
        "status": "affected",
        "version": "Rancher",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/rancher/rancher/security/advisories/GHSA-6x34-89p7-95wg
bugzilla	www.bugzilla.suse.com/show_bug.cgi

17 Jun 2026 04:45Current

9.4High risk

Vulners AI Score9.4

CVSS 3.19.1

EPSS0.00813

CWE-285