← back
CVE-2024-52282

Rancher Helm Applications may have sensitive values leaked

CVSS 6.2 MEDIUMEPSS 0.4%CWE-200
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.2EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps’ values. Additionally, the same information leaks into auditing logs when the audit level is set to equal or above 2. This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
Affected products
SUSE · rancher

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52282https://github.com/rancher/rancher/security/advisories/GHSA-9c5p-35gj-jqp4