{"id":"CVE-2020-10676","details":"In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.","aliases":["GHSA-8vhc-hwhc-cpj4"],"modified":"2026-04-10T04:21:33.211719Z","published":"2023-12-12T17:15:07.580Z","related":["GHSA-8vhc-hwhc-cpj4"],"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-8vhc-hwhc-cpj4"},{"type":"ADVISORY","url":"https://github.com/rancher/rancher/releases/tag/v2.6.13"},{"type":"ADVISORY","url":"https://github.com/rancher/rancher/releases/tag/v2.7.4"},{"type":"ADVISORY","url":"https://forums.rancher.com/c/announcements"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rancher/rancher","events":[{"introduced":"14c6b3e8f903814c1bb9364187fb8193e33e7a82"},{"fixed":"e91bb053386b32864bbbb306f39061e9f2e287ae"},{"introduced":"ce9a7aea4b13fed7acd02cc32667b2ae72f98f5a"},{"fixed":"efc731b553111e5083ee6fb21587491f7e4fcdc9"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"fixed":"2.6.13"},{"introduced":"2.7.0"},{"fixed":"2.7.4"}]}}],"versions":["v2.0.0","v2.0.0-rc5","v2.0.1","v2.0.1-rc1","v2.0.1-rc2","v2.0.1-rc3","v2.0.1-rc4","v2.0.1-rc5","v2.0.1-rc6","v2.0.2","v2.0.2-rc1","v2.0.3","v2.0.3-rc1","v2.0.3-rc2","v2.0.3-rc3","v2.0.3-rc4","v2.0.3-rc5","v2.0.4","v2.0.4-rc1","v2.0.5","v2.0.5-rc1","v2.0.5-rc2","v2.0.5-rc3","v2.0.5-rc4","v2.0.5-rc5","v2.0.5-rc6","v2.0.6","v2.0.6-rc1","v2.0.6-rc2","v2.0.7","v2.0.7-rc1","v2.0.7-rc2","v2.0.7-rc3","v2.0.7-rc4","v2.0.7-rc5","v2.0.7-rc6","v2.0.8-rc2","v2.1.0","v2.1.0-rc1","v2.1.0-rc10","v2.1.0-rc2","v2.1.0-rc3","v2.1.0-rc4","v2.1.0-rc5","v2.1.0-rc6","v2.1.0-rc7","v2.1.0-rc8","v2.1.0-rc9","v2.2.0","v2.2.0-rc1","v2.2.0-rc10","v2.2.0-rc11","v2.2.0-rc12","v2.2.0-rc13","v2.2.0-rc14","v2.2.0-rc15","v2.2.0-rc2","v2.2.0-rc3","v2.2.0-rc4","v2.2.0-rc5","v2.2.0-rc6","v2.2.0-rc7","v2.2.0-rc8","v2.2.0-rc9","v2.3.0-alpha4","v2.3.0-alpha5","v2.3.0-alpha6","v2.3.0-alpha7","v2.3.0-rc1","v2.3.0-rc10","v2.3.0-rc2","v2.3.0-rc3","v2.3.0-rc4","v2.3.0-rc5","v2.3.0-rc6","v2.3.0-rc7","v2.3.0-rc8","v2.3.0-rc9","v2.3.7-draft","v2.4.0-alpha1","v2.4.0-rc1","v2.4.0-rc10","v2.4.0-rc11","v2.4.0-rc2","v2.4.0-rc3","v2.4.0-rc4","v2.4.0-rc5","v2.4.0-rc6","v2.4.0-rc7","v2.4.0-rc8","v2.4.0-rc9","v2.5.0-alpha1","v2.5.0-alpha2","v2.5.0-alpha3","v2.5.0-alpha4","v2.5.0-alpha5","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.5.0-rc4","v2.6.0","v2.6.0-rc1","v2.6.0-rc10","v2.6.0-rc2","v2.6.0-rc3","v2.6.0-rc4","v2.6.0-rc5","v2.6.0-rc6","v2.6.0-rc7","v2.6.0-rc8","v2.6.0-rc9","v2.6.1","v2.6.1-harvester1","v2.6.1-harvester2","v2.6.1-rc1","v2.6.1-rc10","v2.6.1-rc11","v2.6.1-rc12","v2.6.1-rc13","v2.6.1-rc2","v2.6.1-rc3","v2.6.1-rc4","v2.6.1-rc5","v2.6.1-rc6","v2.6.1-rc7","v2.6.1-rc8","v2.6.1-rc9","v2.6.11","v2.6.11-rc1","v2.6.11-rc10","v2.6.11-rc2","v2.6.11-rc3","v2.6.11-rc4","v2.6.11-rc5","v2.6.11-rc6","v2.6.11-rc7","v2.6.11-rc8","v2.6.11-rc9","v2.6.12","v2.6.12-rc1","v2.6.12-rc2","v2.6.12-rc3","v2.6.12-rc4","v2.6.12-rc5","v2.6.3","v2.6.3-harvester1","v2.6.3-rc1","v2.6.3-rc10","v2.6.3-rc11","v2.6.3-rc2","v2.6.3-rc3","v2.6.3-rc4","v2.6.3-rc5","v2.6.3-rc6","v2.6.3-rc7","v2.6.3-rc8","v2.6.3-rc9","v2.6.4-alpha1","v2.6.4-alpha2","v2.6.4-alpha3","v2.6.4-rc1","v2.6.4-rc10","v2.6.4-rc11","v2.6.4-rc12","v2.6.4-rc13","v2.6.4-rc2","v2.6.4-rc3","v2.6.4-rc4","v2.6.4-rc5","v2.6.4-rc6","v2.6.4-rc8","v2.6.4-rc9","v2.6.5","v2.6.5-alpha1","v2.6.5-rc1","v2.6.5-rc10","v2.6.5-rc11","v2.6.5-rc12","v2.6.5-rc2","v2.6.5-rc3","v2.6.5-rc4","v2.6.5-rc5","v2.6.5-rc6","v2.6.5-rc8","v2.6.5-rc9","v2.6.6-rc1","v2.6.7","v2.6.7-rc1","v2.6.7-rc10","v2.6.7-rc2","v2.6.7-rc3","v2.6.7-rc4","v2.6.7-rc5","v2.6.7-rc6","v2.6.7-rc7","v2.6.7-rc8","v2.6.7-rc9","v2.6.8-rc2","v2.6.8-rc3","v2.6.9","v2.6.9-rc1","v2.6.9-rc2","v2.6.9-rc3","v2.6.9-rc4","v2.6.9-rc5","v2.6.9-rc6","v2.7.0","v2.7.0-novkdm","v2.7.2","v2.7.2-rc1","v2.7.2-rc10","v2.7.2-rc2","v2.7.2-rc3","v2.7.2-rc4","v2.7.2-rc5","v2.7.2-rc6","v2.7.2-rc7","v2.7.2-rc8","v2.7.2-rc9","v2.7.3","v2.7.3-kdm-2.6.12","v2.7.3-rc1","v2.7.3-rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10676.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}