github.com/rancher/fleet
Go5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/rancher/fleetpage 1 of 1
- CVE-2024-52284HIGHCVSS 7.7EG 7.7✓ Fixed in 0.13.1-0.20250806151509-088bcbea7edb2025-09-02
Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
- CVE-2026-41050CRITICALCVSS 9.9EG 9.9✓ Fixed in 0.11.132026-05-13
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by the…
- CVE-2026-44935CRITICALCVSS 9.9EG 9.9✓ Fixed in 0.15.22026-07-01
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of o…
- CVE-2026-44936MEDIUMCVSS 5.0EG 5.0✓ Fixed in 0.15.22026-07-01
Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication cre…
- CVE-2026-44937HIGHCVSS 8.2EG 8.2✓ Fixed in 0.15.22026-07-01
Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of serv…
Check whether github.com/rancher/fleet is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/rancher/fleet CVEs against the assets you own.
Start Free Scan →