CVE-2023-32194 Information

Description

A vulnerability has been identified when granting a create or global role for a resource type of amespaces; no matter the API group the subject will receive permissions for core namespaces. This can lead to someone being capable of accessing creating updating or deleting a namespace in the project.

Reference

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32194 https://github.com/rancher/rancher/security/advisories/GHSA-c85r-fwc7-45vc