Base Score

MEDIUM4.3

CVE-2023-32199

A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs

VectorNETWORK

Published Bymeissner@suse.de

Published DateOct 29, 2025, 15:15

Affected Versions(1)

github.com/rancher/rancher(Go)

Introduced0

Fixed0.0.0-20251014212116-7faa74a968c2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/rancher/rancher(Go)	0	0.0.0-20251014212116-7faa74a968c2	N/A

Weakness Type (CWE):CWE-281

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW

References

Base Score

MEDIUM4.3

Weakness Type (CWE):CWE-281

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW