An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted but the user's read-level permissions to the secret being preserved. When this operation was followed up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster.
This issue affects Rancher versions >= 2.6.0 and < 2.6.13, and >= 2.7.0 and < 2.7.4.
MITRE
Status: PUBLISHED
Assigner: suse
Published: 2023-06-01T12:52:49.035Z
Updated: 2024-08-02T10:13:49.466Z
Reserved: 2023-01-05T10:40:08.605Z
Link: CVE-2023-22647
Vulnrichment
No data.
NVD
Status: Analyzed
Published: 2023-06-01T13:15:10.467
Modified: 2023-10-05T16:28:13.250
Link: CVE-2023-22647
Redhat
No data.