Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-32194

Good to know:

icon
icon

Date: October 16, 2024

A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project. This includes reading or updating a namespace in the project so that it is available in other projects in which the user has the "manage-namespaces" permission or updating another namespace in which the user has normal "update" permissions to be moved into the project. The expected behavior is to not be able to create, update, or delete a namespace in the project or move another namespace into the project since the user doesn't have any permissions on namespaces in the core API group. Moving a namespace to another project could lead to leakage of secrets, in case the targeted project has secrets. And also can lead to the namespace being able to abuse the resource quotas of the targeted project.

Language: Go

Severity Score

Related Resources (5)

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32194
https://nvd.nist.gov/vuln/detail/CVE-2023-32194
https://github.com/rancher/rancher
https://github.com/rancher/rancher/security/advisories/GHSA-c85r-fwc7-45vc
https://www.mend.io/vulnerability-database/CVE-2023-32194

Severity Score

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Top Fix

icon

Upgrade Version

Upgrade to version v2.6.14,v2.7.10,v2.8.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us