High severity7.2GHSA Advisory· Published Oct 16, 2024· Updated Apr 15, 2026
CVE-2023-32194
CVE-2023-32194
Description
A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/rancher/rancherGo | >= 2.6.0, < 2.6.14 | 2.6.14 |
github.com/rancher/rancherGo | >= 2.7.0, < 2.7.10 | 2.7.10 |
github.com/rancher/rancherGo | >= 2.8.0, < 2.8.2 | 2.8.2 |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-c85r-fwc7-45vcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-32194ghsaADVISORY
- bugzilla.suse.com/show_bug.cginvdWEB
- github.com/rancher/rancher/commit/2f7113dc32d4f1f5375a1ae09b65be58f6801a15ghsaWEB
- github.com/rancher/rancher/commit/649fdad268d8ecc748e9fdcca2ddcfdc900f9eaaghsaWEB
- github.com/rancher/rancher/commit/d4a0ff5e779e3cc5f14d77ce57620e1326ab1c22ghsaWEB
- github.com/rancher/rancher/security/advisories/GHSA-c85r-fwc7-45vcnvdWEB
News mentions
0No linked articles in our index yet.