CVE-2024-52284

Aliases: GHSA-6h9x-9j5v-7w9h, GO-2025-3927
Advisory lineage: Upstream: 0, Downstream: 3
Deferred
Published: 02 Sept 2025, 11:49
Last modified: 02 Sept 2025, 13:31

Vulnerability Summary

  • Overall Risk (default): medium, 31/100
  • CVSS Score: 7.7 HIGH, v3.1 (cve.org)
  • EPSS Score: 0.04% LOW (0% probability +0.02%)
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • Published (02 Sept 2025, 11:49): Vulnerability first disclosed
  • Last Modified (02 Sept 2025, 13:31): Vulnerability information updated

Description

Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.

CVSS Metrics

  • v3.1, HIGH, Score: 7.7, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 0.04% Percentile: 13%

Techniques & Countermeasures

  • CWE-312: Cleartext Storage of Sensitive Information

    The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Affected Systems

  • github.com/rancher/fleet

    ≥ 0.12.0, < 0.12.6 | ≥ 0.11.0, < 0.11.10 | ≥ 0.13.0, < 0.13.1-0.20250806151509-088bcbea7edb

  • suse rancher

    ≥ 0.13.0, < 0.13.1-0.20250806151509-088bcbea7edb | ≥ 0.12.0, < 0.12.6 | ≥ 0.11.0, < 0.11.10
