CVE-2023-22648

CVSS V2 None CVSS V3 None

Description

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it. This issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4.

Overview

CVE ID
CVE-2023-22648

Assigner
suse

Vulnerability Status
PUBLISHED

Published Version
2023-06-01T12:49:35.238Z

Last Modified Date
2023-06-01T12:49:35.238Z

Weakness Enumerations

CWE	URL
CWE-269	http://cwe.mitre.org/data/definitions/269.html

References

Reference URL	Reference Tags
https://github.com/rancher/rancher/security/advisories/GHSA-vf6j-6739-78m8
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-22648
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22648

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 14:26:32				Added to TrackCVE