Lucene search
K

11 matches found

NVD
NVD
added yesterday6 views

CVE-2026-44935

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...

9.9CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-44935

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...

9.9CVSS5.8AI score
Exploits0References2Affected Software1
CVE
CVE
added yesterday8 views

CVE-2026-44935

The vulnerability (CVE-2026-44935) affects SUSE Rancher Fleet’s Helm Deployer where missing validation of valuesFrom references enables cross-tenant access to fleet credentials stored in secrets/config maps on downstream clusters. Affected versions include Fleet 0.15.x before 0.15.2, 0.14.x befor...

9.9CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-44935 Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...

9.9CVSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2 days ago6 views

Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy environments where different tenants share the same downstream clusters e.g., different privileged or untrusted teams inside the same organization. On unpatched versions, tenants could bypass restrictions to access any conf...

9.9CVSS5.8AI score
Exploits0References2Affected Software1
Veracode
Veracode
added 2026/05/16 5:31 a.m.15 views

Improper Authorization

Fleet is vulnerable to Improper Authorization. The vulnerability is due to incomplete application of ServiceAccount impersonation in certain Helm deployer code paths, which allows an attacker with git push access to read secrets from arbitrary namespaces on downstream clusters...

9.9CVSS6AI score0.00379EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/14 8:21 a.m.13 views

CVE-2026-41050

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...

9.9CVSS5.9AI score0.00379EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 8:16 a.m.9 views

CVE-2026-41050

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...

9.9CVSS0.00379EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 8:4 a.m.10 views

CVE-2026-41050 Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...

9.9CVSS5.9AI score0.00379EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:4 a.m.10 views

CVE-2026-41050

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...

9.9CVSS5.9AI score0.00379EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. There is a security vulnerability in Fleet, which stems...

9.9CVSS5.9AI score0.00379EPSS
Exploits0References2
Rows per page
Query Builder