CVE-2025-23391

A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23391
https://github.com/rancher/rancher/security/advisories/GHSA-8p83-cpfg-fj3g

Configurations

No configuration.

History

11 Apr 2025, 15:39

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de asignación incorrecta de privilegios en SUSE Rancher permite que un administrador restringido cambie la contraseña de los administradores y controle sus cuentas. Este problema afecta a Rancher: desde la versión 2.8.0 hasta la 2.8.14, desde la versión 2.9.0 hasta la 2.9.8, y desde la versión 2.10.0 hasta la 2.10.4.

11 Apr 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-11 11:15

Updated : 2025-04-11 15:39

NVD link : CVE-2025-23391

Mitre link : CVE-2025-23391

CVE.ORG link : CVE-2025-23391

JSON object : View

Products Affected

No product.

CWE

CWE-266

Incorrect Privilege Assignment

9.1 /10