CVE-2023-32199

Summary

A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs

Affected Software

VendorProductVersion RangeStatus
SUSErancher0 < 0.0.0-20251014212116-7faa74a968c2affected

Weaknesses

  • CWE-281: CWE-281: Improper Preservation of Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References