An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster.
This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.
Weakness
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rancher | Suse | 2.6.0 (including) | 2.6.13 (excluding) |
| Rancher | Suse | 2.7.0 (including) | 2.7.4 (excluding) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/58.html
- https://cwe.mitre.org/data/definitions/634.html
- https://cwe.mitre.org/data/definitions/637.html
- https://cwe.mitre.org/data/definitions/643.html
- https://cwe.mitre.org/data/definitions/648.html