Base Score

HIGH7.7

CVE-2024-52284

Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.

VectorNETWORK

Published Bymeissner@suse.de

Published DateSep 02, 2025, 12:15

Affected Versions(3)

github.com/rancher/fleet(Go)

Introduced0.13.0

Fixed0.13.1-0.20250806151509-088bcbea7edb

LimitN/A

github.com/rancher/fleet(Go)

Introduced0.12.0

Fixed0.12.6

LimitN/A

github.com/rancher/fleet(Go)

Introduced0.11.0

Fixed0.11.10

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/rancher/fleet(Go)	0.13.0	0.13.1-0.20250806151509-088bcbea7edb	N/A
github.com/rancher/fleet(Go)	0.12.0	0.12.6	N/A
github.com/rancher/fleet(Go)	0.11.0	0.11.10	N/A

Weakness Type (CWE):CWE-312

CVSS Metrics

Base Score

7.7

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

Base Score

HIGH7.7

Weakness Type (CWE):CWE-312

CVSS Metrics

Base Score

7.7

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE