Critical severityNVD Advisory· Published Jun 1, 2023· Updated Jan 9, 2025
CVE-2023-22647
CVE-2023-22647
Description
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster.
This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/rancher/rancherGo | >= 2.6.0, < 2.6.13 | 2.6.13 |
github.com/rancher/rancherGo | >= 2.7.0, < 2.7.4 | 2.7.4 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-p976-h52c-26p6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-22647ghsaADVISORY
- bugzilla.suse.com/show_bug.cgighsaWEB
- github.com/rancher/rancher/releases/tag/v2.6.13ghsaWEB
- github.com/rancher/rancher/releases/tag/v2.7.4ghsaWEB
- github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6ghsaWEB
News mentions
0No linked articles in our index yet.