Upstream information
Description
A vulnerability has been identified within RancherManager, where after removing a custom GlobalRole that gives
administrative access or the corresponding binding, the user still
retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs
Upstream Security Advisories:
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CVSS detail | CNA (SUSE) |
|---|---|
| Base Score | 4.3 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | High |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality Impact | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- GHSA-j4vr-pcmw-hx59, published Fri Oct 24 02:59:05 CEST 2025
SUSE Timeline for this CVE
CVE page created: Wed Sep 3 19:45:11 2025CVE page last modified: Fri Oct 31 14:10:57 2025