CVE-2023-22651
First published: Thu May 04 2023(Updated: )
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Rancher | >=2.6.0<=2.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-22651?
CVE-2023-22651 is an Improper Privilege Management vulnerability in SUSE Rancher that allows Privilege Escalation.
What is the severity of CVE-2023-22651?
CVE-2023-22651 has a severity rating of 9.9 or critical.
How does CVE-2023-22651 affect SUSE Rancher?
CVE-2023-22651 affects SUSE Rancher versions 2.6.0 to 2.7.2.
How can the CVE-2023-22651 vulnerability be exploited?
The CVE-2023-22651 vulnerability can be exploited through a failure in the update logic of Rancher's admission Webhook which may lead to the misconfiguration of the Webhook.
Is there a fix available for CVE-2023-22651?
Yes, a fix is available. It is recommended to update SUSE Rancher to a version beyond 2.7.2.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/nvd-latest
- vendor/suse
- canonical/suse rancher
- version/suse rancher/2.6.0
- version/suse rancher/2.7.2