VDB
KO

GO-2026-5877

Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer in github.com/rancher/fleet

Details

Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer in github.com/rancher/fleet

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/rancher/fleet
Introduced in: 0.12.0 Fixed in: 0.12.15
Fix go get github.com/rancher/fleet@v0.12.15

References