CVE-2023-22648
moderate-risk
Published 2023-06-01
A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it. This issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4.
Do I need to act?
-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.0/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648
34
/ 100
moderate-risk
Severity
28/34 · Critical
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal