Vulnerability CVE-2023-32191


Published: 2024-10-16

Description:
When RKE provisions a cluster, it stores the cluster state in a ConfigMap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information stored there allows non-admin users to escalate to admin.

Type:
CWE-922

References:
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32191
https://github.com/rancher/rke/security/advisories/GHSA-6gr4-52w6-vmqx
