An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes made in Azure AD not to be applied to users
while they are logged in to the Rancher UI. Affected users
retain their previous permissions in Rancher even if they change groups
in Azure AD (for example, to a lower-privileged group) or are removed
from a group, and so keep their access to Rancher instead of losing
it.
This issue affects Rancher versions >= 2.6.7 and < 2.6.13, and versions >= 2.7.0 and < 2.7.4.
MITRE
Status: PUBLISHED
Assigner: suse
Published: 2023-06-01T12:49:35.238Z
Updated: 2024-08-02T10:13:49.950Z
Reserved: 2023-01-05T10:40:08.605Z
Link: CVE-2023-22648
NVD
Status: Analyzed
Published: 2023-06-01T13:15:10.553
Modified: 2023-10-05T16:27:57.587
Link: CVE-2023-22648