CVE-2023-32199

Published: Oct 29, 2025

Modified: Oct 29, 2025

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs

Vendor	Product	Versions
SUSE	rancher	affected `0 - < 0.0.0-20251014212116-7faa74a968c2`

Weaknesses (CWE)

CWE-281

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32199

https://github.com/rancher/rancher/security/advisories/GHSA-j4vr-pcmw-hx59

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-32199

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References