3 matches found
CVE-2024-22032
CVE-2024-22032: Rancher’s RKE1 deployment keeps reconciling when secrets encryption is enabled, causing Kube API secret values to be written in plaintext in the cluster AppliedSpec. Affected environments include RKE1 clusters managed by Rancher; RBAC users with cluster or project scope can view t...
GHSA-Q6C7-56CQ-G2WM Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Impact This issue is only relevant to clusters provisioned using RKE1 with secrets encryption configuration enabled. A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled please see the RKE documentation. When...
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Impact This issue is only relevant to clusters provisioned using RKE1 with secrets encryption configuration enabled. A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled please see the RKE documentation. When...