CVE-2024-52284

EUVD-2024-54941
Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
suseCNA
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
suserancher
0.12.0 ≤
𝑥
< 0.12.6
CNA
suserancher
0.11.0 ≤
𝑥
< 0.11.10
CNA
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
fleet
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52284
https://github.com/advisories/GHSA-6h9x-9j5v-7w9h