
5 matches found

Cvelist
added 2025/04/11 10:57 a.m., 12 views

CVE-2024-52282 Rancher Helm Applications may have sensitive values leaked

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows any user with GET access to the Rancher Manager Apps Catalog to read any sensitive information that is contained within the Apps’ values. Additionally, the same information leaks into auditing lo...

CVSS 6.2 | EPSS 0.00126
Exploits: 0 | References: 2
OSV
added 2024/11/21 7:52 p.m., 7 views

GO-2024-3280 Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher

Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 6.2 | AI score 6.2 | EPSS 0.00126
Exploits: 0 | References: 1
GitHub Security Blog
added 2024/11/20 6:24 p.m., 20 views

Rancher Helm Applications may have sensitive values leaked

Impact: A vulnerability has been identified within Rancher Manager whereby applications installed via the Rancher Manager Apps Catalog store their Helm values directly in the Apps Custom Resource Definition, so that any user with GET access to it is able to read any sensitive information th...

CVSS 6.2 | AI score 6.2 | EPSS 0.00126
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2024/11/20 6:24 p.m., 9 views

GHSA-9C5P-35GJ-JQP4 Rancher Helm Applications may have sensitive values leaked

Impact: A vulnerability has been identified within Rancher Manager whereby applications installed via the Rancher Manager Apps Catalog store their Helm values directly in the Apps Custom Resource Definition, so that any user with GET access to it is able to read any sensitive information th...

CVSS 6.2 | AI score 6.3 | EPSS 0.00126
Exploits: 0 | References: 5
Vulnrichment
added 2022/06/27 7:15 p.m., 6 views

CVE-2022-31036 Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user...

CVSS 4.3 | AI score 4.4 | EPSS 0.00261
Exploits: 0 | References: 2