CVE-2023-32197: Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists
A vulnerability has been identified whereby Rancher Manager deployments containing Windows nodes have weak Access Control Lists (ACLs), allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files, which could lead to privilege escalation.
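
One way to audit a Windows node for the condition described above, as an added example that is not part of the advisory or of Rancher's own tooling. The `$Path` parameter is a placeholder, because the advisory does not list the affected files; the two principals are matched by their well-known SIDs so the check also works on localized Windows builds.

```powershell
# Added example: list ACL entries that let BUILTIN\Users or
# NT AUTHORITY\Authenticated Users view or edit items under a directory.
# $Path is a placeholder; the advisory does not name the affected files.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

# Well-known SIDs of the two principals named in the advisory.
$sids = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
}

# Rights that allow reading or changing content, or taking control of the ACL.
$named = [int][System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# GENERIC_READ, GENERIC_WRITE and GENERIC_ALL can appear unmapped in an ACE.
$generic = 0x80000000 -bor 0x40000000 -bor 0x10000000
$mask = $named -bor $generic

$sidType = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$items = @(Get-Item -LiteralPath $Path -Force) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not $sids.ContainsKey($ace.IdentityReference.Value)) { continue }
        # Inherit-only entries apply to children, not to this item itself.
        if ($ace.PropagationFlags.HasFlag($inheritOnly)) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Principal = $sids[$ace.IdentityReference.Value]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}
$findings | Sort-Object Path, Principal
```

Run it from an elevated session so that `Get-Acl` can read every item; entries with `Inherited` set to true have to be corrected on the parent directory that defines them.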