CVE-2025-62879
6.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | Rancher | 9.0.0 < 9.0.1 | affected |
| SUSE | Rancher | 8.0.0 < 8.1.2 | affected |
| SUSE | Rancher | 7.0.0 < 7.0.5 | affected |
| SUSE | Rancher | 6.0.0 < 6.0.3 | affected |
Weaknesses
- CWE-532: CWE-532: Insertion of Sensitive Information into Log File
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62879
- https://github.com/advisories/GHSA-wj3p-5h3x-c74q
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.