CVE-2025-62879 | THREATINT

Description

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.

PUBLISHED Reserved 2025-10-24 | Published 2026-03-04 | Updated 2026-03-04 | Assigner suse

MEDIUM: 6.8CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-532: Insertion of Sensitive Information into Log File

Product status

Default status

unaffected

9.0.0 (semver) before 9.0.1

affected

8.0.0 (semver) before 8.1.2

affected

7.0.0 (semver) before 7.0.5

affected

6.0.0 (semver) before 6.0.3

affected

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62879

github.com/advisories/GHSA-wj3p-5h3x-c74q

cve.org (CVE-2025-62879)

nvd.nist.gov (CVE-2025-62879)

Download JSON