What is CVE-2023-22647?

CVE-2023-22647 is a critical-severity vulnerability in Suse Rancher, classified under Privilege Defined With Unsafe Actions. CVSS score: 9.9/10. Published 2023-06-01.

How severe is CVE-2023-22647?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Privilege escalation in Suse Rancher

CVE-2023-22647

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-leve…

EPSS: 0.009 (75.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Suse Rancher — versions >= 2.6.0, >= 2.7.0

Weakness classification (CWE)

CWE-267 — Privilege Defined With Unsafe Actions

References

github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6
bugzilla.suse.com/show_bug.cgi

Frequently asked questions

What is CVE-2023-22647?: CVE-2023-22647 is a critical-severity vulnerability in Suse Rancher, classified under Privilege Defined With Unsafe Actions. CVSS score: 9.9/10. Published 2023-06-01.
How severe is CVE-2023-22647?: Critical severity. CVSS v3 base score is 9.9 out of 10.