Upstream information

CVE-2024-52282 at MITRE

Description

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET
access to the Rancher Manager Apps Catalog to read any sensitive information that are
contained within the Apps' values. Additionally, the same information
leaks into auditing logs when the audit level is set to equal or above
2.

This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.

Upstream Security Advisories:

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v3 Scores
  CNA (SUSE)
Base Score 6.2
Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction Required
Scope Changed
Confidentiality Impact High
Integrity Impact None
Availability Impact None
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1233495 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • govulncheck-vulndb >= 0.0.20241121T195252-1.1
Patchnames:
openSUSE-Tumbleweed-2024-14519


SUSE Timeline for this CVE

CVE page created: Tue Nov 19 13:45:34 2024
CVE page last modified: Fri Apr 11 17:59:32 2025