Improper Privilege Management Affecting github.com/rancher/rancher package, versions >=2.6.0 <2.6.14, >=2.7.0 <2.7.10, >=2.8.0 <2.8.2
- Snyk ID SNYK-GOLANG-GITHUBCOMRANCHERRANCHER-6239653
- published 9 Feb 2024
- disclosed 8 Feb 2024
- credit Unknown
Introduced: 8 Feb 2024
CVE-2023-32194
How to fix?
Upgrade github.com/rancher/rancher to version 2.6.14, 2.7.10, 2.8.2 or higher.
Overview
Affected versions of this package are vulnerable to Improper Privilege Management via namespaces across any API group, which erroneously grants edit permissions on namespaces within the 'core' group. An attacker can escalate privileges and perform unauthorized actions such as accessing, creating, updating, or deleting namespaces within a project. This includes the ability to read or update a namespace so it becomes accessible in other projects where the attacker has 'manage-namespaces' permission, or to move a namespace into the project, potentially leading to the leakage of secrets or abuse of resource quotas of the targeted project.
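A defender-side check built from the ranges and behaviour described above, added here as an example (not Snyk's or Rancher's code): Affected tests a Rancher version string against the listed ranges, and NonCoreNamespaces flags role rules that name "namespaces" outside the core API group so they can be reviewed. The Rule type, the function names and the "example.io" API group are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Rule holds the apiGroups/resources part of a Kubernetes RBAC PolicyRule.
type Rule struct{ APIGroups, Resources []string }

// firstFixed: affected release line -> patch number of the first fixed release.
var firstFixed = map[string]int{"2.6": 14, "2.7": 10, "2.8": 2}

// Affected reports whether a version such as "v2.7.9" is in an affected range.
// A pre-release of a fixed version (2.7.10-rc1) orders below it, so it counts.
func Affected(version string) (bool, error) {
	core, pre, _ := strings.Cut(strings.TrimPrefix(strings.TrimSpace(version), "v"), "-")
	p := strings.Split(core, ".")
	if len(p) != 3 {
		return false, fmt.Errorf("unrecognised version %q", version)
	}
	patch, err := strconv.Atoi(p[2])
	fix, ok := firstFixed[p[0]+"."+p[1]]
	return err == nil && ok && (patch < fix || (patch == fix && pre != "")), err
}

// NonCoreNamespaces reports whether a rule names "namespaces" while none of its
// API groups is core ("") or "*": a rule that should not reach core namespaces.
// Assumption: an empty apiGroups list is treated as core and not flagged.
func NonCoreNamespaces(r Rule) bool {
	named, core := false, len(r.APIGroups) == 0
	for _, res := range r.Resources {
		named = named || res == "namespaces"
	}
	for _, g := range r.APIGroups {
		core = core || g == "" || g == "*"
	}
	return named && !core
}

func main() {
	// Constructed sample rule; "example.io" is a placeholder API group.
	rule := Rule{APIGroups: []string{"example.io"}, Resources: []string{"namespaces"}}
	hit, err := Affected("v2.7.9")
	fmt.Println("affected:", hit, "err:", err, "review rule:", NonCoreNamespaces(rule))
}
```

Rules that list the core group or "*" are not flagged, because access to core namespaces is what those rules ask for.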