CVE-2023-22648

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it. This issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648	Issue Tracking Vendor Advisory
https://github.com/rancher/rancher/security/advisories/GHSA-vf6j-6739-78m8	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:suse:rancher::::::::
	cpe:2.3:a:suse:rancher::::::::

History

No history.

Information

Published : 2023-06-01 13:15

Updated : 2023-10-05 16:27

NVD link : CVE-2023-22648

Mitre link : CVE-2023-22648

CVE.ORG link : CVE-2023-22648

JSON object : View

Products Affected

suse

rancher

CWE

NVD-CWE-Other CWE-269

Improper Privilege Management

{"id": "CVE-2023-22648", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "meissner@suse.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2023-06-01T13:15:10.553", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "meissner@suse.de"}, {"url": "https://github.com/rancher/rancher/security/advisories/GHSA-vf6j-6739-78m8", "tags": ["Vendor Advisory"], "source": "meissner@suse.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "meissner@suse.de", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users \nwhile they are logged in the Rancher UI. This would cause the users to \nretain their previous permissions in Rancher, even if they change groups\n on Azure AD, for example, to a lower privileged group, or are removed \nfrom a group, thus retaining their access to Rancher instead of losing \nit.\nThis issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4.\n\n"}], "lastModified": "2023-10-05T16:27:57.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73DA4714-217D-4F50-B3C6-E60FA9389946", "versionEndExcluding": "2.6.13", "versionStartIncluding": "2.6.7"}, {"criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82B60ABA-3389-45F0-9F45-4D4D0D4738BC", "versionEndExcluding": "2.7.4", "versionStartIncluding": "2.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "meissner@suse.de"}