github.com/rancher/fleet
Go
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/rancher/fleet
- CVE-2024-52284 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 0.13.1-0.20250806151509-088bcbea7edb | 2025-09-02
Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
- CVE-2026-41050 | CRITICAL | CVSS 9.9 | EG 9.9 | ✓ Fixed in 0.11.13 | 2026-05-13
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by the…