SecBoard

CVE-2026-44935

CRITICAL (9.9)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Risk Signal Score: 30/100 (MEDIUM)
  • CVSS 9.9: Critical

EPSS Score

1%

Exploit probability (30 days)

CVSS Score

9.9

Technical severity

Description

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.

GitHub Advisories

GHSA-xr65-5cpm-g36x CRITICAL

Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

go/github.com/rancher/fleet 0.15.2
GitHub Advisory

References