CVE-2023-22651

CVSS V2 None CVSS V3 None

Description

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.

Overview

CVE ID
CVE-2023-22651

Assigner
meissner@suse.de

Vulnerability Status
Received

Published Version
2023-05-04T08:15:22

Last Modified Date
2023-05-04T08:15:22

Weakness Enumerations

CWE	URL
CWE-269	http://cwe.mitre.org/data/definitions/269.html

References

Reference URL	Reference Tags
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651
https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-22651
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22651

History

Created	Old Value	New Value	Data Type	Notes
2023-05-04 09:00:37				Added to TrackCVE
2023-05-04 09:00:38			Weakness Enumeration	new