CVE-2023-22647

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647	Issue Tracking Vendor Advisory
https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:suse:rancher::::::::
	cpe:2.3:a:suse:rancher::::::::

History

05 Oct 2023, 16:28

Type	Values Removed	Values Added
CWE	~~CWE-281~~	NVD-CWE-Other

09 Jun 2023, 17:55

Type	Values Removed	Values Added
References	~~(MISC) https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647 -~~	(MISC) https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647 - Issue Tracking, Vendor Advisory
References	~~(MISC) https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6 -~~	(MISC) https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6 - Vendor Advisory
CWE	~~CWE-269~~	CWE-281
CPE		cpe:2.3:a:suse:rancher::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.0
First Time		Suse rancher Suse

01 Jun 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-06-01 13:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-22647

Mitre link : CVE-2023-22647

CVE.ORG link : CVE-2023-22647

JSON object : View

Products Affected

suse

rancher

CWE

NVD-CWE-Other CWE-269

Improper Privilege Management

{"id": "CVE-2023-22647", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "meissner@suse.de", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2023-06-01T13:15:10.467", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "meissner@suse.de"}, {"url": "https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6", "tags": ["Vendor Advisory"], "source": "meissner@suse.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "meissner@suse.de", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local\n cluster, resulting in the secret being deleted, but their read-level \npermissions to the secret being preserved. When this operation was \nfollowed-up by other specially crafted commands, it could result in the \nuser gaining access to tokens belonging to service accounts in the local cluster.\n\n\nThis issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.\n\n"}], "lastModified": "2023-10-05T16:28:13.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E9E01CC-9BB4-4A69-8F2D-ECCA9CF59580", "versionEndExcluding": "2.6.13", "versionStartIncluding": "2.6.0"}, {"criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82B60ABA-3389-45F0-9F45-4D4D0D4738BC", "versionEndExcluding": "2.7.4", "versionStartIncluding": "2.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "meissner@suse.de"}