Impact
The vulnerability resides in SUSE Rancher Fleet’s bundle reader, where the helmRepoURLRegex field was left unset on a GitRepo resource. This omission allows an attacker who can push to the fleet‑monitored Git repository to supply an arbitrary URL in the helm.repo field of a fleet.yaml file. As a result, the BasicAuth credentials used to authenticate to the Helm chart repository are forwarded to the attacker‑controlled URL, leading to the leaking This flaw does not enable code execution; its primary danger lies in the exposure of privileged credentials that could be used to access or modify Helm repositories or other protected resources.
Affected Systems
SUSE Rancher Fleet is affected in the following major releases: version 0.15.0 up to 0.15.1, 0.14.0 up to 0.14.5, 0.13.0 up to 0.13.10, and 0.12.0 up to 0.12.14. All earlier versions are also impacted by this defect.
Risk and Exploitability
The CVSS score of 5 indicates moderate severity, and the EPSS score of less than 1% points to a low current exploitation probability. The flaw is not listed in the CISA KEV catalog. Exploitation requires an attacker to have write access to a fleet‑managed Git repository; once this condition is met, the attacker can insert a fleet.yaml containing a malicious helm.repo URL, causing the system to transmit its BasicAuth credentials to the attacker’s endpoint. No direct impact on confidentiality of the fleet data itself is indicated, but the credential leak could enable further privilege escalation in downstream systems.
OpenCVE Enrichment
Github GHSA