CVE-2023-32199 MEDIUM

CVE-2023-32199: Rancher user retains access to clusters despite Global Role removal

Vendor Suse
Product rancher
Weakness CWE-281
Published October 29, 2025
Last update October 29, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs

Key dates

02Disclosure timeline

October 29, 2025 CVE published
October 29, 2025 Record updated