Description
A path traversal vulnerability in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.
Severity (CVSS)
| Base score | 5.3 |
|---|---|
| Severity | Medium |
| Version | CVSS 4.0 |
| Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
| Provided by | CNA |
Weaknesses
- CWE-23: Relative path traversal
Affected products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | Rancher | 0.12.0 to <0.12.16; 0.13.0 to <0.13.12; 0.14.0 to <0.14.7; 0.15.0 to <0.15.3 |
References
- https://github.com/rancher/fleet/security/advisories/GHSA-c45g-6c2c-rj3p (vendor-advisory)
Generated from the official CVE List on 01 Jul 2026 07:05 UTC.