{"id":"CVE-2023-32196","summary":"Rancher's External RoleTemplates can lead to privilege escalation","details":"A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplate objects when external=true, which in specific scenarios can lead to privilege escalation.","aliases":["CVE-2023-32197","GHSA-64jq-m7rq-768h","GHSA-7h8m-pvw3-5gh4","GO-2024-2929","GO-2024-3220"],"modified":"2026-06-18T03:54:53.795072088Z","published":"2024-10-16T13:01:47.230Z","database_specific":{"cna_assigner":"suse","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/32xxx/CVE-2023-32196.json","cwe_ids":["CWE-269"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/32xxx/CVE-2023-32196.json"},{"type":"ADVISORY","url":"https://github.com/rancher/rancher/security/advisories/GHSA-64jq-m7rq-768h"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32196"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32196"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rancher/rancher","events":[{"introduced":"ce9a7aea4b13fed7acd02cc32667b2ae72f98f5a"},{"fixed":"ae8fa4989d171c6081cd5addb9d058fb0f57eedd"},{"introduced":"72f58378bf03122a9651c9bd3b4c143a57e8fdaa"},{"fixed":"7af1354e9b8900cec6e5360787e291acd376e6d3"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"2.7.0"},{"fixed":"2.7.14"},{"introduced":"2.8.0"},{"fixed":"2.8.5"}]}}],"versions":["v2.8.4-rc5","v2.8.4","v2.7.14-rc2","v2.8.5-rc2","v2.7.14-rc1","v2.8.5-rc1","v2.7.13-rc5","v2.7.13","v2.8.3-rc8","v2.8.3","v2.8.4-rc4","v2.7.13-rc4","v2.8.4-rc3","v2.7.13-rc3","v2.8.4-rc2","v2.8.4-rc1","v2.7.13-rc2","v2.7.13-rc1","v2.8.4-alpha1","v2.7.13-alpha1","v2.8.3-rc7","v2.7.12-rc3","v2.7.12","v2.8.3-rc6","v2.8.3-rc5","v2.7.12-rc2","v2.7.12-alpha2","v2.7.12-alpha1","v2.8.3-rc4","v2.7.12-rc1","v2.8.3-rc3","v2.8.3-rc2","v2.8.3-rc1","v2.8.3-alp
ha2","v2.8.3-alpha1","v2.7.5","v2.8.0-rc5","v2.8.0","v2.7.8-rc1","v2.7.8","v2.7.7-rc7","v2.7.7","v2.7.7-rc6","v2.7.7-rc5","v2.7.7-rc3","v2.7.7-rc4","v2.7.7-rc2","v2.7.7-rc1","v2.7.5-rc6","v2.7.5-rc5","v2.7.5-rc4","v2.7.5-rc3","v2.7.5-rc2","v2.7.5-rc1","v2.7.2-rc9","v2.7.2-rc10","v2.7.2","v2.7.2-rc8","v2.7.2-rc7","v2.7.2-rc6","v2.7.2-rc5","v2.7.2-rc4","v2.7.2-rc3","v2.7.2-rc2","v2.7.0-novkdm","v2.7.0","v2.7.2-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32196.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}