CVE-2024-52282
Published 2025-04-11
Priority P4 · 27 · medium · CVSS 3.1: 6.2
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
EPSS: 0.37% (28.9th percentile)
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows any user with GET access to the Rancher Manager Apps Catalog to read any sensitive information contained within the Apps’ values. Additionally, the same information leaks into audit logs when the audit level is set to 2 or above.
This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.
Affected: 4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_rancher | >= 2.8.0 < 2.8.10 | 2.8.10 |
| github.com | rancher_rancher | >= 2.9.0 < 2.9.4 | 2.9.4 |
| suse | rancher | >= 2.8.0 < 2.8.10 | 2.8.10 |
| suse | rancher | >= 2.9.0 < 2.9.4 | 2.9.4 |
OSV
Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher
osv·2024-11-21
Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/rancher/rancher from v2.8.0 before v2.8.10, from v2.9.0 before v2.9.4.
GHSA
Rancher Helm Applications may have sensitive values leaked
ghsa·2024-11-20
CVE-2024-52282 [MEDIUM] CWE-200 Rancher Helm Applications may have sensitive values leaked
### Impact
A vulnerability has been identified within Rancher Manager whereby applications installed via the Rancher Manager Apps Catalog store their Helm values directly in the `Apps` Custom Resource Definition, so any user with `GET` access to it can read any sensitive information contained within the Apps’ values. Additionally, the same information leaks into audit logs when the audit level is set to 2 or above.
Application charts without sensitive data are not affected by this vulnerability.
This vulnerability impacts any Helm application installed on a Rancher Manager cluster, regardless of whether it was installed via the Marketplace or using the helm CLI.
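A triage sketch for the impact described above, added here and not taken from Rancher or the advisory: it checks a Rancher version against the affected ranges listed on this page and lists the paths in an exported object whose key names look sensitive, without returning the values themselves. The key-name pattern, the function names and the sample object (including its field layout) are assumptions constructed for illustration.

```python
import re

# Affected ranges as listed on this page: [2.8.0, 2.8.10) and [2.9.0, 2.9.4).
AFFECTED = [((2, 8, 0), (2, 8, 10)), ((2, 9, 0), (2, 9, 4))]
# Assumption: a key-name heuristic for "sensitive"; tune it for your charts.
SENSITIVE = re.compile(
    r"passw(or)?d|secret|token|api[-_]?key|private[-_]?key|credential", re.I)

def is_affected(version):
    """True if a Rancher version such as 'v2.9.3' falls in a listed range."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    return any(lo <= v < hi for lo, hi in AFFECTED)

def sensitive_paths(node, path="", flagged=False):
    """Walk decoded JSON and return the paths of non-empty string values that
    sit at or below a sensitive-looking key. Values are never returned, so
    the report itself does not become another copy of the secret."""
    if isinstance(node, dict):
        return [hit for key, value in node.items()
                for hit in sensitive_paths(
                    value, f"{path}.{key}" if path else str(key),
                    flagged or bool(SENSITIVE.search(str(key))))]
    if isinstance(node, list):
        return [hit for i, value in enumerate(node)
                for hit in sensitive_paths(value, f"{path}[{i}]", flagged)]
    return [path] if flagged and isinstance(node, str) and node else []

# Constructed sample standing in for one exported object. The walk covers the
# whole document, so it does not depend on where the values are stored.
SAMPLE_APP = {
    "kind": "App",
    "metadata": {"name": "demo", "namespace": "default"},
    "spec": {"values": {
        "image": {"tag": "1.0"},
        "db": {"user": "app", "password": "CONSTRUCTED-VALUE"},
        "smtp": {"credentials": {"login": "mailer", "pass": "CONSTRUCTED-VALUE"}},
        "apiTokens": ["CONSTRUCTED-VALUE", ""],
    }},
}

if __name__ == "__main__":
    print("v2.9.3 affected:", is_affected("v2.9.3"))
    for p in sensitive_paths(SAMPLE_APP):
        print("review and rotate:", p)
```

Any path it reports on an affected version points at a value that was readable through the resource, and at audit level 2 or above may also be in the audit logs, so treat it as a candidate for rotation.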
Please consult the associated [MITR
OSV
Rancher Helm Applications may have sensitive values leaked
osv·2024-11-20
CVE-2024-52282 [MEDIUM] Rancher Helm Applications may have sensitive values leaked
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-04-11