Bug 1219065 (CVE-2023-32194)

Summary:	CVE-2023-32194: [Rancher] Privilege escalation via Excessive custom API Group Editing Permissions (Namespace)
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Andy Pitcher <andy.pitcher>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Critical
Priority:	P5 - None	CC:	guilherme.macedo, jsegitz, meissner, pietro.dellamore, security-team
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://github.com/rancherlabs/embargoed-security/issues/276
Whiteboard:
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Comment 1 Johannes Segitz 2024-01-25 12:45:57 UTC

Please use CVE-2023-32194

Comment 2 Marcus Meissner 2024-02-08 17:08:30 UTC

https://github.com/rancher/rancher/security/advisories/GHSA-c85r-fwc7-45vc

Comment 3 Marcus Meissner 2024-02-08 17:08:42 UTC

released