50 matches found

NVD
added 3 days ago | 7 views

CVE-2026-44935

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...

9.9 CVSS | 0.00572 EPSS
Exploits: 0 | References: 1
CVE
added 3 days ago | 13 views

CVE-2026-44935

The vulnerability (CVE-2026-44935) affects SUSE Rancher Fleet’s Helm Deployer where missing validation of valuesFrom references enables cross-tenant access to fleet credentials stored in secrets/config maps on downstream clusters. Affected versions include Fleet 0.15.x before 0.15.2, 0.14.x befor...

9.9 CVSS | 5.8 AI score | 0.00572 EPSS
Exploits: 0 | References: 1
Cvelist
added 3 days ago | 30 views

CVE-2026-44935 Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...

9.9 CVSS | 0.00572 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 3 days ago | 5 views

CVE-2026-44935

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...

9.9 CVSS | 5.8 AI score | 0.00572 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog
added 4 days ago | 6 views

Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Impact: A vulnerability in Fleet for Rancher Manager affects multi-tenancy environments where different tenants share the same downstream clusters, e.g., different privileged or untrusted teams inside the same organization. On unpatched versions, tenants could bypass restrictions to access any conf...

9.9 CVSS | 5.8 AI score | 0.00572 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 5 days ago | 7 views

CVE-2026-44948

A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 that could be used to traverse outside of the intended directory, causing a denial of service...

5.3 CVSS | 0.00292 EPSS
Exploits: 0 | References: 1
CVE
added 5 days ago | 6 views

CVE-2026-44948

CVE-2026-44948 describes a path traversal vulnerability in Rancher Fleet’s ImageScan subsystem, specifically in the GitRepo Path Handler. Affected versions are Rancher Fleet 0.12.0–0.12.16, 0.13.0–0.13.12, 0.14.0–0.14.7, and 0.15.0–0.15.3. The issue allows traversal outside the intended directory...

5.3 CVSS | 5.7 AI score | 0.00292 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/07 12:0 a.m. | 13 views

PT-2026-38359

Name of the Vulnerable Software and Affected Versions: Rancher versions prior to v2.14.1; Rancher versions prior to v2.13.5; Rancher versions prior to v2.12.9; Rancher versions prior to v2.11.13; Rancher version v2.10.11. Description: Fleet's Helm deployer fails to fully apply ServiceAccount impersonati...

9.9 CVSS | 5.9 AI score | 0.00379 EPSS
Exploits: 0 | References: 24
Chainguard
added 2026/05/06 7:17 p.m. | 29 views

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: k9s, kubescape-server-fips, terragrunt-fips, commercial-chainloop-cli, rancher-fleet-fips, act, jfrog-cli, argocd-image-updater-fips, trivy, cerbos, goreleaser, grafana, melange, packer-fips, flux-image-automation-controller-fips, trufflehog-fips, nemo, mapotf,...

7.4 CVSS | 5.9 AI score | 0.00259 EPSS
Exploits: 0
Wolfi
added 2026/04/17 8:0 p.m. | 9 views

GHSA-PC3F-X583-G7J2 vulnerabilities

Vulnerabilities for packages: trivy, cert-manager-istio-csr, argo-cd, kubernetes-dashboard-api, k8sgpt, kubeflow-pipelines, rancher, kubevela, emissary, eksctl, falcoctl, rancher-agent, k3s, cri-tools, cilium, kiali, kubescape, cluster-api, headlamp, envoy-gateway, kwok, argo-workflows,...

5.9 AI score
Exploits: 0
Wolfi
added 2026/04/17 8:0 p.m. | 8 views

CVE-2026-35469 vulnerabilities

Vulnerabilities for packages: trivy, cert-manager-istio-csr, argo-cd, kubernetes-dashboard-api, k8sgpt, kubeflow-pipelines, rancher, kubevela, emissary, eksctl, falcoctl, rancher-agent, k3s, cri-tools, cilium, kiali, kubescape, cluster-api, headlamp, envoy-gateway, kwok, argo-workflows,...

8.7 CVSS | 5.9 AI score | 0.00656 EPSS
Exploits: 0
Wolfi
added 2026/04/11 2:41 p.m. | 10 views

GHSA-VMX8-MQV2-9GMG vulnerabilities

Vulnerabilities for packages: flux-source-controller, helm-push, kots, rancher-fleet, flux, zarf, kuma, cilium-cli, cert-manager-cmctl...

5.9 AI score
Exploits: 0
Wolfi
added 2026/04/11 2:41 p.m. | 8 views

GHSA-Q5JF-9VFQ-H4H7 vulnerabilities

Vulnerabilities for packages: flux-source-controller, helm-push, kots, rancher-fleet, flux, zarf, kuma, cilium-cli, cert-manager-cmctl...

5.9 AI score
Exploits: 0
Wolfi
added 2026/04/11 2:41 p.m. | 7 views

CVE-2026-35204 vulnerabilities

Vulnerabilities for packages: flux-source-controller, helm-push, kots, rancher-fleet, flux, zarf, kuma, cilium-cli, cert-manager-cmctl...

8.6 CVSS | 7.2 AI score | 0.00158 EPSS
Exploits: 0
Wolfi
added 2026/04/11 2:41 p.m. | 7 views

CVE-2026-35205 vulnerabilities

Vulnerabilities for packages: flux-source-controller, helm-push, kots, rancher-fleet, flux, zarf, kuma, cilium-cli, cert-manager-cmctl...

8.4 CVSS | 7.1 AI score | 0.00178 EPSS
Exploits: 0
Wolfi
added 2026/04/11 2:41 p.m. | 7 views

GHSA-HR2V-4R36-88HR vulnerabilities

Vulnerabilities for packages: trivy, helm-operator, zot, eksctl, pluto, kubescape, headlamp, cerbos, envoy-gateway, flux, kuma, chartmuseum, flux-source-controller, kots, cluster-api-helm-controller, consul-k8s, nova, tigera-operator, harbor, helm-mapkubeapis, zarf, teleport, tw, cilium-cli,...

5.9 AI score
Exploits: 0
Wolfi
added 2026/04/11 2:41 p.m. | 7 views

CVE-2026-35206 vulnerabilities

Vulnerabilities for packages: trivy, helm-operator, zot, eksctl, pluto, kubescape, headlamp, cerbos, envoy-gateway, flux, kuma, chartmuseum, flux-source-controller, kots, cluster-api-helm-controller, consul-k8s, nova, tigera-operator, harbor, helm-mapkubeapis, zarf, teleport, tw, cilium-cli,...

4.8 CVSS | 6.1 AI score | 0.00199 EPSS
Exploits: 0
Chainguard
added 2026/04/11 2:18 p.m. | 6 views

CVE-2026-35204 vulnerabilities

Vulnerabilities for packages: cert-manager-cmctl-fips, flux, kots, cert-manager-cmctl, helm-diff-fips, helm-diff, helm-push, cilium-cli, rancher-fleet, rancher-fleet-fips, zarf, flux-source-controller-fips, flux-fips, zarf-fips, kuma, flux-source-controller, gitlab-operator, gitlab-operator-fips...

8.6 CVSS | 7.2 AI score | 0.00158 EPSS
Exploits: 0
Chainguard
added 2026/04/11 2:18 p.m. | 7 views

CVE-2026-35205 vulnerabilities

Vulnerabilities for packages: cert-manager-cmctl-fips, flux, kots, cert-manager-cmctl, helm-diff-fips, helm-diff, helm-push, cilium-cli, rancher-fleet, rancher-fleet-fips, zarf, flux-source-controller-fips, flux-fips, zarf-fips, kuma, flux-source-controller, gitlab-operator, gitlab-operator-fips...

8.4 CVSS | 7.1 AI score | 0.00178 EPSS
Exploits: 0
Chainguard
added 2026/04/11 2:18 p.m. | 4 views

GHSA-Q5JF-9VFQ-H4H7 vulnerabilities

Vulnerabilities for packages: cert-manager-cmctl-fips, flux, kots, cert-manager-cmctl, helm-diff-fips, helm-diff, helm-push, cilium-cli, rancher-fleet, rancher-fleet-fips, zarf, flux-source-controller-fips, flux-fips, zarf-fips, kuma, flux-source-controller, gitlab-operator, gitlab-operator-fips...

5.9 AI score
Exploits: 0