Vulnerability Details CVE-2023-22648
A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users
while they are logged in the Rancher UI. This would cause the users to
retain their previous permissions in Rancher, even if they change groups
on Azure AD, for example, to a lower privileged group, or are removed
from a group, thus retaining their access to Rancher instead of losing
it.
This issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.4%
CVSS Severity
CVSS v3 Score 8.0
References