github.com/rancher/rancher is vulnerable to privilege escalation. The vulnerability exists due to improperly enforced APIgroup rules, allowing a project owner with permissions to edit role bindings to allocate a cluster level role to grant themselves or others an admin role to that cluster.