2 matches found
EUVD-2023-36458
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...
CVE-2023-32199
CVE-2023-32199 concerns Rancher Manager where removing a custom GlobalRole that grants administrative access or its binding leaves the user with cluster access. Affected are custom GlobalRoles with a wildcard (*) on resources or non-resource URLs, which can result in orphaned ClusterRoleBindings ...