
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2020-10676 is a security vulnerability discovered in Rancher versions 2.x before 2.6.13 and 2.7.x before 2.7.4. The vulnerability stems from an incorrectly applied authorization check that allows users who have certain access to a namespace to move that namespace to a different project (NVD, GitHub Advisory).
The vulnerability is an authorization bypass: a user with update privileges on a namespace can move that namespace into a project they do not have access to. Because the user's existing permissions on the namespace are preserved after the transfer, they gain access to the destination project's resources, such as project secrets. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).
The impact is significant: users can gain unauthorized access to project-specific resources, and the resources in the moved namespace count toward the quota of the destination project, which can cause availability problems there. Users holding the Project Owner or Project Member role on the source project can exploit this vulnerability, as can users with custom roles granting similar privileges (GitHub Advisory).
The vulnerability has been patched in Rancher versions 2.6.13 and 2.7.4. The patched versions include an improved RBAC mechanism that checks if the user has the correct permissions before the namespace move takes place. There is no direct mitigation besides updating Rancher to a patched version (GitHub Advisory, Rancher Release).
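To make the missing check concrete, here is a small Go model written for this page (it is not Rancher's code). It contrasts a move that verifies only update rights on the namespace, as the vulnerable versions did, with one that also requires membership in the destination project, and shows how the mover's preserved namespace rights expose the destination project's secrets; the data model, user and project names, and the membership rule are assumptions.

```go
package main

import "fmt"

// Toy model of the authorization flaw behind CVE-2020-10676, written for this
// page; it is not Rancher's code and simplifies its data model.
type Cluster struct {
	NamespaceProject map[string]string          // namespace -> owning project
	ProjectSecrets   map[string][]string        // project -> project-scoped secrets
	UserNamespaces   map[string]map[string]bool // user -> namespaces with update rights
	UserProjects     map[string]map[string]bool // user -> projects the user belongs to
}

// MoveNamespace re-parents ns into dst. With checkDestination=false only update
// rights on the namespace are checked, as in the vulnerable versions; with
// checkDestination=true the caller must also belong to dst (assumed patch rule).
func (c *Cluster) MoveNamespace(user, ns, dst string, checkDestination bool) error {
	if !c.UserNamespaces[user][ns] {
		return fmt.Errorf("forbidden: %s lacks update on namespace %s", user, ns)
	}
	if checkDestination && !c.UserProjects[user][dst] {
		return fmt.Errorf("forbidden: %s is not a member of project %s", user, dst)
	}
	c.NamespaceProject[ns] = dst
	return nil
}

// ReadableProjectSecrets models project-scoped secrets being reachable from every
// namespace in the project: the mover keeps rights on the moved namespace.
func (c *Cluster) ReadableProjectSecrets(user string) []string {
	var out []string
	for ns := range c.UserNamespaces[user] {
		out = append(out, c.ProjectSecrets[c.NamespaceProject[ns]]...)
	}
	return out
}

// NewExampleCluster is a constructed scenario: alice belongs to project "dev" and
// has update rights on its namespace "web"; "payments" holds a secret she must not read.
func NewExampleCluster() *Cluster {
	return &Cluster{
		NamespaceProject: map[string]string{"web": "dev"},
		ProjectSecrets:   map[string][]string{"dev": {"dev-registry"}, "payments": {"payments-db"}},
		UserNamespaces:   map[string]map[string]bool{"alice": {"web": true}},
		UserProjects:     map[string]map[string]bool{"alice": {"dev": true}},
	}
}

func main() {
	c := NewExampleCluster() // without the destination check the move succeeds and leaks payments-db
	fmt.Println(c.MoveNamespace("alice", "web", "payments", false), c.ReadableProjectSecrets("alice"))
}
```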
Source: This report was generated using AI