CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-31247

An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.9%

CVSS Severity

CVSS v3 Score 9.1

References

Products affected by CVE-2022-31247

Suse » Rancher » Version: 2.5.0

cpe:2.3:a:suse:rancher:2.5.0
Suse » Rancher » Version: 2.5.1

cpe:2.3:a:suse:rancher:2.5.1
Suse » Rancher » Version: 2.5.10

cpe:2.3:a:suse:rancher:2.5.10
Suse » Rancher » Version: 2.5.11

cpe:2.3:a:suse:rancher:2.5.11
Suse » Rancher » Version: 2.5.12

cpe:2.3:a:suse:rancher:2.5.12
Suse » Rancher » Version: 2.5.13

cpe:2.3:a:suse:rancher:2.5.13
Suse » Rancher » Version: 2.5.2

cpe:2.3:a:suse:rancher:2.5.2
Suse » Rancher » Version: 2.5.3

cpe:2.3:a:suse:rancher:2.5.3
Suse » Rancher » Version: 2.5.4

cpe:2.3:a:suse:rancher:2.5.4
Suse » Rancher » Version: 2.5.5

cpe:2.3:a:suse:rancher:2.5.5
Suse » Rancher » Version: 2.5.6

cpe:2.3:a:suse:rancher:2.5.6
Suse » Rancher » Version: 2.5.7

cpe:2.3:a:suse:rancher:2.5.7
Suse » Rancher » Version: 2.5.8

cpe:2.3:a:suse:rancher:2.5.8
Suse » Rancher » Version: 2.5.9

cpe:2.3:a:suse:rancher:2.5.9
Suse » Rancher » Version: 2.6.0

cpe:2.3:a:suse:rancher:2.6.0
Suse » Rancher » Version: 2.6.1

cpe:2.3:a:suse:rancher:2.6.1
Suse » Rancher » Version: 2.6.2

cpe:2.3:a:suse:rancher:2.6.2
Suse » Rancher » Version: 2.6.3

cpe:2.3:a:suse:rancher:2.6.3
Suse » Rancher » Version: 2.6.4

cpe:2.3:a:suse:rancher:2.6.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-31247

Products

Pricing

Contact Us