CVE-2022-31247

Summary

An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.

Affected Software

VendorProductVersion RangeStatus
SUSERancherRancher < 2.6.7affected
SUSERancherRancher < 2.5.16affected

Weaknesses

  • CWE-285: CWE-285: Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

References