CVE-2024-52284
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-09-02

Assigner: SUSE

Description
Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-09-02
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-14
NVD
CVE-2024-52284
EUVD
EUVD-2024-54941
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
rancher fleet 0.12.6
rancher fleet 0.13.1-0.20250806151509-088bcbea7edb
rancher fleet 0.11.0
rancher fleet 0.11.10
rancher fleet 0.13.0
rancher fleet 0.12.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2024-52284 is a high-severity vulnerability in Rancher Fleet where Helm values containing credentials or other secrets are stored in plain text within the BundleDeployment resource. Any user with GET or LIST permissions on these resources can access sensitive data because Fleet does not encrypt these values by default. This leads to unauthorized disclosure of sensitive information, increasing the risk of credential theft and misuse. [1]

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive data such as credentials or secrets. If an attacker or unauthorized user has GET or LIST permissions on BundleDeployment resources, they can retrieve these secrets in plain text. This can result in credential theft and misuse, potentially compromising the confidentiality of your systems and data. The impact depends on the permissions associated with the leaked credentials. [1]

Detection Guidance

This vulnerability can be detected by checking for the presence of Helm values stored in plain text within the BundleDeployment resources. You can use Kubernetes commands to list and get BundleDeployment resources and inspect the Spec.Options.Helm.Values field for sensitive data exposure. For example, use: `kubectl get bundledeployments -o yaml` or `kubectl get bundledeployment <name> -o yaml` and review the Helm values stored in the output. Look specifically for credentials or secrets in the Helm values fields. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading Rancher Fleet to a patched version (0.11.10, 0.12.6, 0.13.1-0.20250806151509-088bcbea7edb, or later) where Helm values are stored securely in Kubernetes secrets instead of plain text. If upgrading immediately is not possible, use the workaround of specifying `valuesFiles` as simple file names (e.g., `values.yaml`) rather than paths to reduce exposure risk. Additionally, review any exposed sensitive data and rotate secrets, tokens, and passwords as necessary to prevent misuse. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-52284. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart