CVE-2023-22650

CVSS V2 None CVSS V3 None

Description

A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s tokens still usable.

Overview

CVE ID
CVE-2023-22650

Assigner
suse

Vulnerability Status
PUBLISHED

Published Version
2024-10-16T08:20:42.467Z

Last Modified Date
2024-10-16T14:44:01.636Z

Weakness Enumerations

CWE	URL
CWE-287	http://cwe.mitre.org/data/definitions/287.html

References

Reference URL	Reference Tags
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22650
https://github.com/rancher/rancher/security/advisories/GHSA-9ghh-mmcq-8phc

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-22650
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22650

History

Created	Old Value	New Value	Data Type	Notes
2024-10-17 13:07:02				Added to TrackCVE