VDB
GO-2025-3649
GO-2025-3649
PUBLISHED
Fleet doesn’t validate a server’s certificate when connecting through SSH in github.com/rancher/fleet
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | rancher/fleet | 0.9.0-rc.1, 0.11.0, 0.12.0 |
Timeline
- May 5, 2025 CVE Published
- Mar 3, 2026 CVE Updated
References
- https://github.com/rancher/fleet/security/advisories/GHSA-xgpc-q899-67p8 advisory
- https://github.com/rancher/fleet/pull/3571 patch
- https://github.com/rancher/fleet/pull/3572 patch
- https://github.com/rancher/fleet/pull/3573 patch
- https://github.com/rancher/fleet/releases/tag/v0.10.12 url
- https://github.com/rancher/fleet/releases/tag/v0.11.7 url
- https://github.com/rancher/fleet/releases/tag/v0.12.2 url