How severe is CVE-2023-22647?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2023-22647?

This is classified as CWE-267, which is a common weakness in software security.

CVE-2023-22647 - HIGH Severity | CVSS 8

Vulnerability Description

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.

Related Vulnerabilities

CVE-2023-44218

HIGH

CVSS:7.8(High)

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege ...

CWE-2672023

CVE-2024-47906

HIGH

CVSS:7.8(High)

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authent...

CWE-2672024

CVE-2024-7571

HIGH

CVSS:7.8(High)

Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

CWE-2672024

CVE-2021-23166

HIGH

CVSS:8.7(High)

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.

CWE-2672021

CVE-2021-23186

HIGH

CVSS:8.7(High)

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenan...

CWE-2672021

CVE-2021-44547

HIGH

CVSS:8.7(High)

A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation.

CWE-2672021