Github.Com Rancher Fleet vulnerabilities
2 known vulnerabilities affecting github.com/rancher_fleet.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2024-52284 | HIGH | ≥ 0.13.0, < 0.13.1-0.20250806151509-088bcbea7edb; ≥ 0.12.0, < 0.12.6; +1 more | 2025-08-29
CVE-2024-52284 [HIGH] CWE-312 Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
### Impact
A vulnerability has been identified when using Fleet to manage Helm charts: sensitive information passed through `BundleDeployment.Spec.Options.Helm.Values` may be stored in plain text. This can result in:
1. Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `Bu
ghsa, osv
CVE-2025-23390 | MEDIUM | ≥ 0.9.0-rc.1, < 0.10.12; ≥ 0.11.0, < 0.11.7; +1 more | 2025-04-25
CVE-2025-23390 [MEDIUM] CWE-295 Fleet doesn’t validate a server’s certificate when connecting through SSH
### Impact
A vulnerability has been identified within Fleet where, by default, Fleet will automatically trust a remote server’s certificate when connecting through SSH if the certificate isn’t set in the `known_hosts` file. This could allow the execution of a man-in-the-middle (MitM) attack against Fleet. In case the
ghsa, osv