CVE-2023-22651 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-22651 Interim 1 4 2025-02-16T02:22:23Z current 2023-04-24T23:15:54Z 2025-02-16T02:22:23Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-22651 Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g E-Mail link for GHSA-6m9f-pj6w-w87g https://www.suse.com/support/security/rating/ SUSE Security Ratings Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected. CVE-2023-22651 critical 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H