Lucene search

PRIOn knowledge basePRION:CVE-2022-31247

HistorySep 07, 2022 - 9:15 a.m.

Authorization

2022-09-0709:15:00

PRIOn knowledge base

www.prio-n.com

improper authorization

suse rancher

unauthorized access

vulnerability

project permissions

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.5%

JSON

An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.

CPENameOperatorVersion
rancherge2.6.0
rancherlt2.6.7
rancherge2.5.0
rancherlt2.5.16

Name	Operator	Version
rancher	ge	2.6.0
rancher	lt	2.6.7
rancher	ge	2.5.0
rancher	lt	2.5.16

References

bugzilla.suse.com/show_bug.cgi?id=1199730

github.com/rancher/rancher/security/advisories/GHSA-6x34-89p7-95wg