Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer
Vulnerability Description
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
CWE-1287
Vulnerability Title
SUSE rancher 软件供应链问题漏洞
Vulnerability Description
SUSE rancher是德国SUSE公司开源的一套容器管理平台。 SUSE rancher存在软件供应链问题漏洞,该漏洞源于Helm Deployer中“valuesFrom”引用验证缺失,可能导致一个租户的所有者访问其他租户的fleet凭据。以下版本受到影响:0.15.2版本之前的0.15.x版本、0.14.6版本之前的0.14.x版本、0.13.11版本之前的0.13.x版本和0.12.15版本之前的0.12.x版本。
CVSS Information
N/A
Vulnerability Type
N/A