Impact
When the DEBUG log level is enabled in SUSE Rancher AI Agent before version 1.0.2, the application may inadvertently log sensitive data into its log files. This flaw creates an information disclosure that could allow an attacker who can read those logs to obtain credentials or confidential information and compromise the services the agent interacts with. The weakness resides in improper handling of sensitive data in logging and corresponds to CWE-215.
Affected Systems
The vulnerability affects SUSE Rancher AI Agent versions earlier than 1.0.2. Users running a local instance of the agent can trigger DEBUG mode by configuring the log level and subsequently read the agent’s log files. The affected products are listed under the CNA entry SUSE:Rancher.
Risk and Exploitability
The CVSS score of 7 indicates high severity, but the EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The flaw is not listed in CISA’s KEV catalog. Based on the description, the attack vector is inferred to be local because an attacker would need local access to enable DEBUG logging and read the agent’s logs. The attacker would need sufficient permissions to read service logs to misuse the exposed data.
OpenCVE Enrichment