Home > Vulnerability Database > CVE-2023-22651

Mend.io Vulnerability Database

CVE-2023-22651

Good to know:

Date: May 4, 2023

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.

Language: Go

Severity Score

9.9

Related Resources (6)

Url: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-22651

Url: https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g

Url: https://github.com/rancher/rancher

Url: https://github.com/rancher/rancher/releases/tag/v2.7.3

Url: https://www.mend.io/vulnerability-database/CVE-2023-22651

Severity Score

9.9

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Top Fix

Upgrade Version

Upgrade to version v2.7.3

Learn More

CVSS v3.1

Base Score:	9.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-22651

Good to know:

Date: May 4, 2023

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?