We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin.
Reserved 2023-05-04 | Published 2024-10-16 | Updated 2024-10-16 | Assigner suseCWE-922: Insecure Storage of Sensitive Information
bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32191
github.com/...er/rke/security/advisories/GHSA-6gr4-52w6-vmqx
Support options