CVE-2019-6287
CVE-2019-6287 concerns Rancher 2.0.0–2.1.5, where project members removed from a project can still create, update, read, and delete namespaces within that project. The root cause described in connected sources is improper access control due to incomplete cleanup of roleBindings when members are r...