10

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-22647

GHSA ID

GHSA-p976-h52c-26p6

EPSS Score

0.68065%

CWE

CWE-267

Published

6/6/2023

Updated

10/9/2024

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-22647

CVE-2023-22647:
Rancher vulnerable to Privilege Escalation via manipulation of Secrets

Impact

A vulnerability has been identified which enables Standard users or above to elevate their permissions to Administrator in the local cluster.

The local cluster means the cluster where Rancher is installed. It is named local inside the list of clusters in the Rancher UI.

Standard users could leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster.

Users that have custom global roles which grant create and delete permissions on secrets would also be able to exploit this vulnerability.

Users with audit logs enabled in Rancher can try to identify possible abuses of this issue by going through the logs. To sieve through the data filter by kind: Secret with type: provisioning.cattle.io/cloud-credential, then investigate all log entries that affect that specific resource. A secondary check would be to filter by all operations with Opaque Secrets within the cattle-global-data namespace.

After patching, it is recommended that users review access methods to Rancher (including RBAC policies, tokens, and host-level node access), to ensure that no changes were made to persist access to users who have leveraged this vulnerability.

Patches

Patched versions include releases 2.6.13, 2.7.4 and later versions.

Workarounds

There is no direct mitigation besides updating Rancher to a patched version.

For more information

If you have any questions or comments about this advisory:

Reach out to the SUSE Rancher Security team for security related inquiries.
Open an issue in the Rancher repository.
Verify with our support matrix and product support lifecycle.

(GitHub Advisory)

10

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-22647

GHSA ID

GHSA-p976-h52c-26p6

EPSS Score

0.68065%

CWE

CWE-267

Published

6/6/2023

Updated

10/9/2024

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/rancher/rancher	go	>= 2.6.0, < 2.6.13	2.6.13
github.com/rancher/rancher	go	>= 2.7.0, < 2.7.4	2.7.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided vulnerability reports describe a privilege escalation via improper handling of Kubernetes Secrets permissions, but no specific function names or code paths are explicitly mentioned in the available data. The CWE-267 and CWE-269 classifications suggest unsafe privilege definitions and improper RBAC management, but the GitHub Security Advisory, NVD details, and release notes only describe the vulnerability at a high level (e.g., retention of read permissions after Secret deletion). The Rancher patches (v2.6.13/v2.7.4) likely addressed this by modifying Secret lifecycle management and RBAC validation logic, but without access to the commit diffs or GitHub patch details, we cannot confidently identify specific vulnerable functions. The absence of 'Current Vulnerable Functions' in the package listings further supports this conclusion.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t * vuln*r**ility **s ***n i**nti*i** w*i** *n**l*s [St*n**r* us*rs](*ttps://r*n***rm*n***r.*o*s.r*n***r.*om/*ow-to-*ui**s/n*w-us*r-*ui**s/*ut**nti**tion-p*rmissions-*n*-*lo**l-*on*i*ur*tion/m*n***-rol*-**s**-****ss-*ontrol-r***/*lo**l-p*rm

Reasoning

T** provi*** vuln*r**ility r*ports **s*ri** * privil*** *s**l*tion vi* improp*r **n*lin* o* Ku**rn*t*s S**r*ts p*rmissions, *ut no sp**i*i* *un*tion n*m*s or *o** p*t*s *r* *xpli*itly m*ntion** in t** *v*il**l* **t*. T** *W*-*** *n* *W*-*** *l*ssi*i*

10

Basic Information

Concerned about an active attack path?

CVE-2023-22647: Rancher vulnerable to Privilege Escalation via manipulation of Secrets

Impact

Patches

Workarounds

For more information

10

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-22647:
Rancher vulnerable to Privilege Escalation via manipulation of Secrets

Vulnerability Intelligence
Miggo AI