{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22647", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "state": "PUBLISHED", "assignerShortName": "suse", "dateReserved": "2023-01-05T10:40:08.605Z", "datePublished": "2023-06-01T12:52:49.035Z", "dateUpdated": "2024-10-09T08:30:39.548Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Rancher", "vendor": "SUSE", "versions": [{"lessThan": "< 2.6.13", "status": "affected", "version": ">= 2.6.0", "versionType": "2.6.13"}, {"lessThan": "< 2.7.4", "status": "affected", "version": ">= 2.7.0", "versionType": "2.7.4"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the <code>local</code>\n cluster, resulting in the secret being deleted, but their read-level \npermissions to the secret being preserved. When this operation was \nfollowed-up by other specially crafted commands, it could result in the \nuser gaining access to tokens belonging to service accounts in the <code>local</code> cluster.<br></div><p>This issue affects Rancher: from &gt;= 2.6.0 before &lt; 2.6.13, from &gt;= 2.7.0 before &lt; 2.7.4.</p>"}], "value": "An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local\n cluster, resulting in the secret being deleted, but their read-level \npermissions to the secret being preserved. When this operation was \nfollowed-up by other specially crafted commands, it could result in the \nuser gaining access to tokens belonging to service accounts in the local cluster.\n\n\nThis issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-267", "description": "CWE-267: Privilege Defined With Unsafe Actions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2024-10-09T08:30:39.548Z"}, "references": [{"url": "https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:49.466Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6", "tags": ["x_transferred"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E9E01CC-9BB4-4A69-8F2D-ECCA9CF59580", "versionEndExcluding": "2.6.13", "versionStartIncluding": "2.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*", "matchCriteriaId": "82B60ABA-3389-45F0-9F45-4D4D0D4738BC", "versionEndExcluding": "2.7.4", "versionStartIncluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local\n cluster, resulting in the secret being deleted, but their read-level \npermissions to the secret being preserved. When this operation was \nfollowed-up by other specially crafted commands, it could result in the \nuser gaining access to tokens belonging to service accounts in the local cluster.\n\n\nThis issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4."}], "id": "CVE-2023-22647", "lastModified": "2024-11-21T07:45:07.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "meissner@suse.de", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-01T13:15:10.467", "references": [{"source": "meissner@suse.de", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647"}, {"source": "meissner@suse.de", "tags": ["Vendor Advisory"], "url": "https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-267"}], "source": "meissner@suse.de", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}