CVE-2023-22650

A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s tokens still usable.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22650
https://github.com/rancher/rancher/security/advisories/GHSA-9ghh-mmcq-8phc

Configurations

No configuration.

History

16 Oct 2024, 15:35

Type	Values Removed	Values Added
CWE		CWE-306
Summary		(es) Se ha identificado una vulnerabilidad en la que Rancher no limpia automáticamente a un usuario que ha sido eliminado del proveedor de autenticación (AP) configurado. Esta característica también se aplica a los usuarios deshabilitados o revocados; Rancher no reflejará estas modificaciones, lo que puede dejar los tokens del usuario aún utilizables.

16 Oct 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-16 09:15

Updated : 2024-10-16 16:38

NVD link : CVE-2023-22650

Mitre link : CVE-2023-22650

CVE.ORG link : CVE-2023-22650

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2023-22650", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "meissner@suse.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "meissner@suse.de", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.7, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-10-16T09:15:02.957", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22650", "source": "meissner@suse.de"}, {"url": "https://github.com/rancher/rancher/security/advisories/GHSA-9ghh-mmcq-8phc", "source": "meissner@suse.de"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "meissner@suse.de", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user\u2019s tokens still usable."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en la que Rancher no limpia autom\u00e1ticamente a un usuario que ha sido eliminado del proveedor de autenticaci\u00f3n (AP) configurado. Esta caracter\u00edstica tambi\u00e9n se aplica a los usuarios deshabilitados o revocados; Rancher no reflejar\u00e1 estas modificaciones, lo que puede dejar los tokens del usuario a\u00fan utilizables."}], "lastModified": "2024-10-16T16:38:14.557", "sourceIdentifier": "meissner@suse.de"}