9.9
CVE-2026-44935
- EPSS 0.59%
- Veröffentlicht 02.07.2026 16:00:06
- Zuletzt bearbeitet 06.07.2026 12:44:21
- Quelle meissner@suse.de
- CVE-Watchlists
- Unerledigt
Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Suse ≫ Rancher Fleet Version >= 0.12.0 < 0.12.15
Suse ≫ Rancher Fleet Version >= 0.13.0 < 0.13.11
Suse ≫ Rancher Fleet Version >= 0.14.0 < 0.14.6
Suse ≫ Rancher Fleet Version >= 0.15.0 < 0.15.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.437 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| meissner@suse.de | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-1287 Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
https://github.com/rancher/fleet/security/advisories/GHSA-xr65-5cpm-g36x