VYPR
High severity7.2GHSA Advisory· Published Oct 16, 2024· Updated Apr 15, 2026

CVE-2023-32194

CVE-2023-32194

Description

A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/rancher/rancherGo
>= 2.6.0, < 2.6.142.6.14
github.com/rancher/rancherGo
>= 2.7.0, < 2.7.102.7.10
github.com/rancher/rancherGo
>= 2.8.0, < 2.8.22.8.2

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.