—
GO-2026-5877
Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer in github.com/rancher/fleet
Details
Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer in github.com/rancher/fleet
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/rancher/fleet
Introduced in:
0.12.0 Fixed in: 0.12.15 Fix
go get github.com/rancher/fleet@v0.12.15