CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.001 Low
Percentile: 44.3%
github.com/rancher/rancher is vulnerable to Improper Privilege Management. The vulnerability exists because changes to a user's permissions in Azure AD are not reflected while the user is logged in to the Rancher UI, so users retain their previous permissions in Rancher even after their group membership in Azure AD has changed.
bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648
github.com/rancher/rancher/commit/03d2eb265626e4f59532019b331230bf1b2e5db3
github.com/rancher/rancher/commit/4de7ba6e96f82407fc2e0ce120c4a1b7ed0bd81e
github.com/rancher/rancher/commit/e9d50ed454adf20a5270de28b3e158a5ddcdb301
github.com/rancher/rancher/security/advisories/GHSA-vf6j-6739-78m8