CVE-2024-52284

Summary

Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets.

Affected Software

VendorProductVersion RangeStatus
SUSERancher0.13.0 < 0.13.1-0.20250806151509-088bcbea7edbaffected
SUSERancher0.12.0 < 0.12.6affected
SUSERancher0.11.0 < 0.11.10affected

Weaknesses

  • CWE-312: CWE-312: Cleartext Storage of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References