Upstream information
Description
A missing clean-up in the legacy Project Role Template Binding (PRTB)reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security
Admission (PSA) permissions after an administrator removes those
permissions from a RoleTemplate.
Upstream Security Advisories:
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| CVSS detail | CNA (SUSE) |
|---|---|
| Base Score | 6.9 |
| Vector | CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| Attack Vector | Network |
| Attack Complexity | Low |
| Attack Requirements | Present |
| Privileges Required | High |
| User Interaction | None |
| Vulnerable System Confidentiality Impact | None |
| Vulnerable System Integrity Impact | High |
| Vulnerable System Availability Impact | None |
| Subsequent System Confidentiality Impact | None |
| Subsequent System Integrity Impact | High |
| Subsequent System Availability Impact | None |
| CVSSv4 Version | 4.0 |
SUSE Security Advisories:
- GHSA-c4rp-wgqc-mfhc, published Tue Jun 30 00:59:08 CEST 2026
SUSE Timeline for this CVE
CVE page created: Thu Jun 18 11:30:23 2026CVE page last modified: Tue Jun 30 20:41:17 2026