Lucene search
Veracode Vulnerability DatabaseVERACODE:39026HistoryJan 27, 2023 - 3:54 a.m.
Privilege Escalation
2023-01-2703:54:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
github
rancher
vulnerability
authorization logic
attacker
permissions
resource
cluster
project role template binding
roles
0.001 Low
EPSS
Percentile
31.0%
github.com/rancher/rancher is vulnerable to Privilege Escalation. The vulnerability exists due to a flaw in the authorization logic, which allows an attacker to escalate permissions for any -promoted resource in any cluster through the project role template binding (PRTB) and -promoted roles.
References
bugzilla.suse.com/show_bug.cgi?id=1205293
github.com/advisories/GHSA-7m72-mh5r-6j3r
github.com/rancher/rancher/commit/96c3532e8f036860969f33bf4870df17f0f7f62d
github.com/rancher/rancher/commit/d6e35b4ef6ede8d9b547cbfcad141894fb01de8f
github.com/rancher/rancher/pull/40242
github.com/rancher/rancher/pull/40243
Related
nvd
nvd
CVE-2022-43759
2023-02-07 13:15:09
osv
osv
CVE-2022-43759
2023-02-07 13:15:09
cvelist
cvelist
CVE-2022-43759 Rancher: Privilege escalation via promoted roles
2023-02-07 00:00:00
github
github
cve
cve
CVE-2022-43759
2023-02-07 13:15:09
prion
prion
Privilege escalation
2023-02-07 13:15:00