CVE-2026-41052

SUSE · Rancher

Improper privilege handling in SUSE Rancher allows authenticated users with the Project Owner role to escalate their privileges within the cluster.

Executive summary

An authenticated privilege escalation vulnerability in SUSE Rancher allows users with the Project Owner role to gain unauthorized administrative access to the platform.

Vulnerability

This is a privilege escalation vulnerability: an authenticated user holding the "Project Owner" role (a role that is meant to be scoped to a single project) can exploit improper privilege handling to obtain access beyond that project's boundary. The flaw breaks the principle of least privilege on which the Rancher management hierarchy (global, cluster, project) depends.

Business impact

With a CVSS score of 9.4, this vulnerability lets a malicious or compromised insider who holds only a project-scoped role gain elevated control over the Kubernetes clusters managed by Rancher. This could result in unauthorized modification of production workloads, access to secrets in other projects and clusters, and potential compromise of the entire container orchestration environment.

Remediation

Immediate Action: Upgrade SUSE Rancher to the fixed release for your minor version, 2.14.2, 2.13.6 or 2.12.10, or a later release on that branch. Releases older than 2.12 have no fixed version listed here and should be treated as affected.

Proactive Monitoring: Review Rancher audit logs for role-binding changes, new global or cluster-scoped permissions, or administrative actions initiated by accounts that hold only the Project Owner role.

Compensating Controls: Until the environment is updated to a patched version, enumerate the accounts and groups that hold the "Project Owner" role and remove the binding from any user who is untrusted or does not need it.
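The two checks the remediation steps call for, as an added example that is not part of the original advisory or SUSE's tooling: deciding whether a given Rancher version is at or above the fixed release for its branch, and listing who holds the Project Owner role so the role can be restricted. The second function assumes the JSON shape of `kubectl get projectroletemplatebindings.management.cattle.io -A -o json` run against the Rancher local cluster (top-level `projectName`, `roleTemplateName` and user or group principal fields on each binding); the sample document embedded below is constructed for illustration, and `project-owner` is assumed to be the built-in role template name.

```python
"""Helpers for the CVE-2026-41052 remediation steps (added example, not SUSE code)."""
import json
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
# The trailing 1 marks a final release; pre-release builds parse as 0 so
# that "2.14.2-rc1" sorts below the fixed 2.14.2 release.
FIXED_RELEASES = {
    (2, 14): (2, 14, 2, 1),
    (2, 13): (2, 13, 6, 1),
    (2, 12): (2, 12, 10, 1),
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-\S+)?$")


def parse_version(text):
    """Parse 'v2.13.4' or '2.14.2-rc1' into (major, minor, patch, is_final)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Rancher version: {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    is_final = 0 if m.group(4) else 1
    return (major, minor, patch, is_final)


def is_patched(version_text):
    """True if the version is at or above the fixed release for its branch.

    Branches older than 2.12 have no fix listed in the advisory and are
    reported as unpatched. Branches newer than 2.14 are assumed fixed,
    reading the advisory's "or later" as covering later minor versions.
    """
    parsed = parse_version(version_text)
    branch = parsed[:2]
    if branch in FIXED_RELEASES:
        return parsed >= FIXED_RELEASES[branch]
    return branch > max(FIXED_RELEASES)


# Constructed sample in the assumed shape of
# `kubectl get projectroletemplatebindings.management.cattle.io -A -o json`.
SAMPLE_PRTB_JSON = json.dumps({
    "apiVersion": "v1", "kind": "List",
    "items": [
        {"apiVersion": "management.cattle.io/v3", "kind": "ProjectRoleTemplateBinding",
         "metadata": {"name": "prtb-alice", "namespace": "p-abc12"},
         "projectName": "c-m-xyz:p-abc12", "roleTemplateName": "project-owner",
         "userName": "u-alice", "userPrincipalName": "local://u-alice"},
        {"apiVersion": "management.cattle.io/v3", "kind": "ProjectRoleTemplateBinding",
         "metadata": {"name": "prtb-bob", "namespace": "p-abc12"},
         "projectName": "c-m-xyz:p-abc12", "roleTemplateName": "project-member",
         "userName": "u-bob", "userPrincipalName": "local://u-bob"},
        {"apiVersion": "management.cattle.io/v3", "kind": "ProjectRoleTemplateBinding",
         "metadata": {"name": "prtb-team", "namespace": "p-def34"},
         "projectName": "c-m-xyz:p-def34", "roleTemplateName": "project-owner",
         "groupPrincipalName": "github_team://12345"},
    ],
})


def project_owner_bindings(kubectl_json, role_template="project-owner"):
    """Return (project, subject, binding name) for every Project Owner binding.

    The subject is the user principal, plain user name, or group principal,
    whichever the binding carries, so both user and group grants are listed.
    """
    doc = json.loads(kubectl_json)
    found = []
    for item in doc.get("items", []):
        if item.get("roleTemplateName") != role_template:
            continue
        subject = (item.get("userPrincipalName") or item.get("userName")
                   or item.get("groupPrincipalName") or "<unknown subject>")
        found.append((item.get("projectName", ""), subject, item["metadata"]["name"]))
    return found


if __name__ == "__main__":
    for v in ("v2.13.4", "v2.13.6", "v2.14.2-rc1", "v2.11.9", "v2.15.0"):
        print(f"{v}: {'patched' if is_patched(v) else 'UPDATE REQUIRED'}")
    for project, subject, name in project_owner_bindings(SAMPLE_PRTB_JSON):
        print(f"{name}: {subject} is Project Owner of {project}")
```

Against a live installation, replace `SAMPLE_PRTB_JSON` with the captured `kubectl` output and review each listed binding; the binding name is what you would delete (or re-point at a narrower role template) for users who do not need project ownership while the upgrade is pending.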

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Privilege escalation in a management platform like Rancher is severe because the platform's own permission model is the boundary being crossed. Administrators must prioritize applying the security updates above so that the cluster management hierarchy remains intact and project-scoped permissions are strictly enforced.