CVE-2023-22651

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.

CVSS v3 9.9 CRITICAL

9.9^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651	Issue Tracking Vendor Advisory
https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g	Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*

History

10 May 2023, 18:08

Type	Values Removed	Values Added
References	~~(MISC) https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g -~~	(MISC) https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g - Mitigation, Third Party Advisory
References	~~(MISC) https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651 -~~	(MISC) https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651 - Issue Tracking, Vendor Advisory
First Time		Suse rancher Suse
CPE		cpe:2.3:a:suse:rancher::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.9

04 May 2023, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-04 08:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-22651

Mitre link : CVE-2023-22651

CVE.ORG link : CVE-2023-22651

JSON object : View

Products Affected

suse

rancher

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2023-22651", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}, {"type": "Secondary", "source": "meissner@suse.de", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2023-05-04T08:15:22.893", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "meissner@suse.de"}, {"url": "https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g", "tags": ["Mitigation", "Third Party Advisory"], "source": "meissner@suse.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "meissner@suse.de", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to\n the misconfiguration of the Webhook. This component enforces validation\n rules and security checks before resources are admitted into the \nKubernetes cluster.\nThe issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.\n\n"}], "lastModified": "2023-05-10T18:08:49.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6349F4D5-2D10-40A4-B22A-8CC94B65FBE3", "versionEndIncluding": "2.7.2", "versionStartIncluding": "2.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "meissner@suse.de"}