Security: rancher/fleet
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
Path Traversal in Fleet ImageScan GitRepo Path HandlerGHSA-c45g-6c2c-rj3p published
Jun 29, 2026 by samjustusModerate -
Cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm DeployerGHSA-xr65-5cpm-g36x published
May 27, 2026 by samjustusCritical -
SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yamlGHSA-hx4v-cxpf-vh8m published
May 27, 2026 by samjustusModerate -
Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL ComponentsGHSA-jmf4-m7j9-g72r published
May 27, 2026 by samjustusHigh -
PSS Bypass through addLabelsFromOptions in Fleet AgentGHSA-864g-863m-vcvq published
May 27, 2026 by samjustusHigh -
Helm impersonation - bypass of `RESTClientGetter` retains `cluster-admin` during template renderingGHSA-765j-qfrp-hm3j published
Apr 30, 2026 by samjustusCritical -
Helm Values are stored inside BundleDeployment in plain textGHSA-6h9x-9j5v-7w9h published
Aug 28, 2025 by samjustusHigh -
Fleet doesn’t validate a server’s certificate when connecting through SSHGHSA-xgpc-q899-67p8 published
Apr 25, 2025 by pdellamoreModerate