5.3
CVE-2026-44948
- EPSS 0.29%
- Veröffentlicht 30.06.2026 15:12:17
- Zuletzt bearbeitet 02.07.2026 17:45:44
- Quelle meissner@suse.de
- CVE-Watchlists
- Unerledigt
Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler
A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSUSE
≫
Produkt
Rancher
Default Statusunaffected
Version
0.12.0
Version <
0.12.16
Status
affected
Version
0.13.0
Version <
0.13.12
Status
affected
Version
0.14.0
Version <
0.14.7
Status
affected
Version
0.15.0
Version <
0.15.3
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.21 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| meissner@suse.de | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-23 Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
https://github.com/rancher/fleet/security/advisories/GHSA-c45g-6c2c-rj3p