17 matches found
EUVD-2024-54941
Malicious code in bioql PyPI...
Unauthorized Disclosure Of Sensitive Data
github.com/rancher/fleet is vulnerable to Unauthorized Disclosure of Sensitive Data. The vulnerability is due to improper access control on BundleDeployment resources with GET or LIST permissions, which allows an attacker to retrieve Helm values containing credentials or other secrets...
GO-2025-3927 Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet...
PT-2025-36650
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet...
Linux Distros Unpatched Vulnerability : CVE-2024-52284
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials...
CVE-2024-52284
Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...
CVE-2024-52284
Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...
UBUNTU-CVE-2024-52284
Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...
CVE-2024-52284 Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...
CVE-2024-52284 Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...
CVE-2024-52284
CVE-2024-52284 describes unauthorized disclosure where any user with GET or LIST permissions on BundleDeployment resources can retrieve Helm values that may contain credentials or other secrets. The entry attributes a CVSS v3.1 base score of 7.7 (HIGH) with network attack vector, low attack compl...
SUSE CVE-2024-52284
Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
Impact: A vulnerability has been identified when using Fleet to manage Helm charts, where sensitive information passed through BundleDeployment.Spec.Options.Helm.Values may be stored in plain text. This can result in: 1. Unauthorized disclosure of sensitive data: Any user with GET or LIST...
GHSA-6H9X-9J5V-7W9H Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
Impact: A vulnerability has been identified when using Fleet to manage Helm charts, where sensitive information passed through BundleDeployment.Spec.Options.Helm.Values may be stored in plain text. This can result in: 1. Unauthorized disclosure of sensitive data: Any user with GET or LIST...
PT-2025-35331
Name of the Vulnerable Software and Affected Versions: SUSE Fleet versions prior to v0.14.0; SUSE Fleet version v0.13.1; SUSE Fleet version v0.12.6; SUSE Fleet version v0.11.10. Description: A vulnerability exists in SUSE Fleet when managing Helm charts, where sensitive information passed through...
Sensitive Information Disclosure
Rancher Manager is vulnerable to sensitive information disclosure. The vulnerability is due to Helm values being stored directly in the Apps Custom Resource Definition and leaking into audit logs when the audit level is set to 2 or above, allowing users with GET access to read sensitive informati...
PT-2024-35150 · Rancher · Rancher Manager
Name of the Vulnerable Software and Affected Versions: Rancher Manager versions prior to 2.8.10; Rancher Manager versions prior to 2.9.5. Description: A vulnerability has been identified in Rancher Manager where applications installed via the Apps Catalog store their Helm values directly into the...