Moderate severityNVD Advisory· Published Mar 4, 2026· Updated Mar 4, 2026
Rancher Backup Operator pod's logs leak S3 tokens
CVE-2025-62879
Description
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/rancher/backup-restore-operatorGo | >= 9.0.0, < 9.0.1 | 9.0.1 |
github.com/rancher/backup-restore-operatorGo | >= 8.0.0, < 8.1.2 | 8.1.2 |
github.com/rancher/backup-restore-operatorGo | >= 7.0.0, < 7.0.5 | 7.0.5 |
github.com/rancher/backup-restore-operatorGo | >= 6.0.0, < 6.0.3 | 6.0.3 |
Affected products
8- osv-coords7 versionspkg:apk/chainguard/backup-restore-operator-10.0pkg:apk/chainguard/backup-restore-operator-7.0pkg:apk/chainguard/backup-restore-operator-8.1pkg:apk/chainguard/backup-restore-operator-fips-10.0pkg:apk/chainguard/backup-restore-operator-fips-8.1pkg:golang/github.com/rancher/backup-restore-operatorpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
< 0+ 6 more
- (no CPE)range: < 0
- (no CPE)range: < 7.0.5-r0
- (no CPE)range: < 8.1.2-r0
- (no CPE)range: < 0
- (no CPE)range: < 8.1.2-r0
- (no CPE)range: >= 9.0.0, < 9.0.1
- (no CPE)range: < 0.0.20260317T205859-150000.1.152.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.