CVE-2024-52284 — Cleartext Storage of Sensitive Info in Rancher

CWE-312 — Cleartext Storage of Sensitive Info6 documents4 sources

Severity

7.7HIGHNVD

EPSS

0.0%

top 93.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Rancher Github.com Rancher Fleet

Timeline

PublishedSep 2

Latest updateSep 8

Description

Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5suse/rancher0.13.0 — 0.13.1-0.20250806151509-088bcbea7edb+2

▶Gogithub.com/rancher_fleet0.13.0 — 0.13.1-0.20250806151509-088bcbea7edb+2

🔴Vulnerability Details

OSV

Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet↗2025-09-08

▶

CVEList

Rancher Fleet Helm Values are stored inside BundleDeployment in plain text↗2025-09-02

▶

OSV

CVE-2024-52284: Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values contai↗2025-09-02

▶

GHSA

Rancher Fleet Helm Values are stored inside BundleDeployment in plain text↗2025-08-29

▶

OSV

Rancher Fleet Helm Values are stored inside BundleDeployment in plain text↗2025-08-29

▶