GHSA-xgpc-q899-67p8
PUBLISHED
CVSS 6.3 MEDIUM
Fleet doesn’t validate a server’s certificate when connecting through SSH
Risk Scores
CVSS 3.1
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | rancher/fleet | 0.9.0-rc.1, 0.11.0, 0.12.0 |
Timeline
- Apr 25, 2025 CVE Published
- May 5, 2025 CVE Updated
References
- https://github.com/rancher/fleet/security/advisories/GHSA-xgpc-q899-67p8 url
- https://github.com/rancher/fleet package
- https://pkg.go.dev/vuln/GO-2025-3649 url
- https://github.com/rancher/fleet/releases/tag/v0.10.12 fix
- https://github.com/rancher/fleet/pull/3573 fix
- https://github.com/rancher/fleet/pull/3571 fix
- https://github.com/rancher/fleet/pull/3572 fix
- https://github.com/rancher/fleet/releases/tag/v0.11.7 fix
- https://github.com/rancher/fleet/releases/tag/v0.12.2 fix