Zurück zur CVE-Übersicht
CVE-2026-44935
CRITICAL(9.9)CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Risk Signal Score30/100 — MITTEL
- CVSS 9.9 — Kritisch
EPSS-Score
1%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
9.9
Technische Schwere
Beschreibung
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
GitHub Advisories
GHSA-xr65-5cpm-g36xCRITICAL
Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer
go/github.com/rancher/fleet→ 0.15.2
GitHub Advisory