CVE-2022-31247

Опубликовано: 07 сент. 2022

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.

Ссылки

https://bugzilla.suse.com/show_bug.cgi?id=1199730
Exploit
Issue Tracking
Mitigation
Vendor Advisory
https://github.com/rancher/rancher/security/advisories/GHSA-6x34-89p7-95wg
Exploit
Mitigation
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1199730
Exploit
Issue Tracking
Mitigation
Vendor Advisory
https://github.com/rancher/rancher/security/advisories/GHSA-6x34-89p7-95wg
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*

Версия от 2.5.0 (включая) до 2.5.16 (исключая)

cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*

Версия от 2.6.0 (включая) до 2.6.7 (исключая)

EPSS

Процентиль: 57%

0.00345

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-285

NVD-CWE-Other

Связанные уязвимости

BDU:2022-05604