CVE-2024-52284 | THREATINT

Description

Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.

PUBLISHED Reserved 2024-11-06 | Published 2025-09-02 | Updated 2025-09-02 | Assigner suse

HIGH: 7.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-312: Cleartext Storage of Sensitive Information

Product status

Default status

unaffected

0.13.0 (semver) before 0.13.1-0.20250806151509-088bcbea7edb

affected

0.12.0 (semver) before 0.12.6

affected

0.11.0 (semver) before 0.11.10

affected

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52284

github.com/advisories/GHSA-6h9x-9j5v-7w9h

cve.org (CVE-2024-52284)

nvd.nist.gov (CVE-2024-52284)

Download JSON