mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
59 lines
2.0 KiB
JSON
59 lines
2.0 KiB
JSON
{
|
|
"id": "CVE-2023-22647",
|
|
"sourceIdentifier": "meissner@suse.de",
|
|
"published": "2023-06-01T13:15:10.467",
|
|
"lastModified": "2023-06-01T13:15:10.467",
|
|
"vulnStatus": "Received",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local\n cluster, resulting in the secret being deleted, but their read-level \npermissions to the secret being preserved. When this operation was \nfollowed-up by other specially crafted commands, it could result in the \nuser gaining access to tokens belonging to service accounts in the local cluster.\n\n\nThis issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.\n\n"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "meissner@suse.de",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.9,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.1,
|
|
"impactScore": 6.0
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "meissner@suse.de",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-269"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22647",
|
|
"source": "meissner@suse.de"
|
|
},
|
|
{
|
|
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-p976-h52c-26p6",
|
|
"source": "meissner@suse.de"
|
|
}
|
|
]
|
|
} |