A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project.

Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'