CVE-2024-52282: Rancher Helm Applications may have sensitive values leaked

6.2 CVSS

Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allows any user with GET access to the Rancher Manager Apps Catalog to read any sensitive information contained within the Apps' values. Additionally, the same information leaks into the audit logs when the audit level is set to 2 or above.

This issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.

Classification

CVE ID: CVE-2024-52282

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.2

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Problem Types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Affected Products

Vendor: SUSE

Product: rancher

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.33% (fraction of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-20 (date the score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-52282
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52282
https://github.com/rancher/rancher/security/advisories/GHSA-9c5p-35gj-jqp4

Timeline