An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions before 2.6.7; Rancher versions before 2.5.16.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
suse rancher |