Medium severity4.3GHSA Advisory· Published Oct 29, 2025· Updated Apr 15, 2026
CVE-2023-32199
CVE-2023-32199
Description
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/rancher/rancherGo | < 0.0.0-20251014212116-7faa74a968c2 | 0.0.0-20251014212116-7faa74a968c2 |
Affected products
3- ghsa-coords2 versionspkg:golang/github.com/rancher/rancherpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 0.0.0-20251014212116-7faa74a968c2+ 1 more
- (no CPE)range: < 0.0.0-20251014212116-7faa74a968c2
- (no CPE)range: < 0.0.20251105T184115-1.1
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.