Описание
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs
EPSS
Процентиль: 1%
0.00012
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-281
Связанные уязвимости
CVSS3: 4.3
github
4 месяца назад
Rancher user retains access to clusters despite Global Role removal
EPSS
Процентиль: 1%
0.00012
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-281