Veracode Vulnerability Database: VERACODE:40843
History: Jun 09, 2023 - 4:08 a.m.

Improper Privilege Management

2023-06-09 04:08:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
rancher
vulnerability
azure ad

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 44.3%

github.com/rancher/rancher is vulnerable to Improper Privilege Management. The vulnerability exists because changes to a user's permissions in Azure AD are not reflected in Rancher while the user is logged in to the Rancher UI, so users retain their previous permissions in Rancher even after their groups change in Azure AD.
