01 Jui 2023
Vulnérabilité CVE-2023-22647 CVE Vulnerability
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster.
This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.
(CVSS:0.0) (Last Update:2023-06-01)
Vulnerability Details : An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster.This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4. Publish Date : 2023-06-01 Last Update Date : 2023-06-01 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2023-22647
- References For CVE-2023-22647
| |||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2023-22647There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |