CVE-2023-22651 - OpenCVE

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Suse	Rancher

Configuration 1 [-]

cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651
https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g

History

No history.

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2023-05-04T07:53:49.876Z

Updated: 2024-08-02T10:13:49.435Z

Reserved: 2023-01-05T10:40:08.607Z

Link: CVE-2023-22651

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-04T08:15:22.893

Modified: 2023-05-10T18:08:49.957

Link: CVE-2023-22651

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22651", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "state": "PUBLISHED", "assignerShortName": "suse", "dateReserved": "2023-01-05T10:40:08.607Z", "datePublished": "2023-05-04T07:53:49.876Z", "dateUpdated": "2024-08-02T10:13:49.435Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Rancher", "vendor": "SUSE", "versions": [{"lessThanOrEqual": "2.7.2", "status": "affected", "version": "2.6.0", "versionType": "2.7.2"}, {"status": "unaffected", "version": "2.7.3"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to\n the misconfiguration of the Webhook. This component enforces validation\n rules and security checks before resources are admitted into the \nKubernetes cluster.<br><p>The issue only affects users that upgrade from <code>2.6.x</code> or <code>2.7.x</code> to <code>2.7.2</code>. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.</p>"}], "value": "Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to\n the misconfiguration of the Webhook. This component enforces validation\n rules and security checks before resources are admitted into the \nKubernetes cluster.\nThe issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.\n\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2023-05-04T07:53:49.876Z"}, "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651"}, {"url": "https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:49.435Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651", "tags": ["x_transferred"]}, {"url": "https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*", "matchCriteriaId": "6349F4D5-2D10-40A4-B22A-8CC94B65FBE3", "versionEndIncluding": "2.7.2", "versionStartIncluding": "2.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to\n the misconfiguration of the Webhook. This component enforces validation\n rules and security checks before resources are admitted into the \nKubernetes cluster.\nThe issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.\n\n"}], "id": "CVE-2023-22651", "lastModified": "2023-05-10T18:08:49.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2023-05-04T08:15:22.893", "references": [{"source": "meissner@suse.de", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651"}, {"source": "meissner@suse.de", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "meissner@suse.de", "type": "Primary"}]}