VYPR
Critical severity9.9GHSA Advisory· Published Oct 16, 2024· Updated Apr 15, 2026

CVE-2023-32191

CVE-2023-32191

Description

When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/rancher/rkeGo
>= 1.4.18, < 1.4.191.4.19
github.com/rancher/rkeGo
>= 1.5.9, < 1.5.101.5.10

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.