VYPR

Fleet

by Rancher

Source repositories

CVEs (4)

  • CVE-2026-41050CriMay 13, 2026
    risk 0.57cvss 9.9epss 0.00

    Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.

  • CVE-2024-52284HigSep 2, 2025
    risk 0.43cvss 7.7epss 0.00

    Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.

  • CVE-2025-23390medApr 25, 2025
    risk 0.19cvss epss 0.00

    ### Impact A vulnerability has been identified within Fleet where, by default, Fleet will automatically trust a remote server’s certificate when connecting through SSH if the certificate isn’t set in the `known_hosts` file. This could allow the execution of a…

  • CVE-2019-1020009Jul 29, 2019
    risk 0.00cvss epss 0.01

    Fleet before 2.1.2 allows exposure of SMTP credentials.