Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XSUSE Rancher
APPSuse2.12.0 – 2.12.10 (bez)2.13.0 – 2.13.6 (bez)2.14.0 – 2.14.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
Related vulnerabilities
CVE-2026-44946CRITICAL9.5ten sam produkt
A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enfo...
CVE-2023-22647CRITICAL9.9ten sam produkt
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existi...
CVE-2023-22651CRITICAL9.9ten sam produkt
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the upda...
CVE-2022-43757CRITICAL9.9ten sam produkt
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to...
CVE-2021-36782CRITICAL9.9ten sam produkt
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners...