Описание
A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project.
EPSS
Процентиль: 26%
0.0009
Низкий
7.2 High
CVSS3
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 7.2
github
почти 2 года назад
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
EPSS
Процентиль: 26%
0.0009
Низкий
7.2 High
CVSS3
Дефекты
CWE-269