Rancher: Sensitive Information Exposure via Apps Catalog and Audit Logs

In SUSE Rancher from 2.8.0 before 2.8.10 and from 2.9.0 before 2.9.4 a medium severity vulnerability CVE-2024-52282 was detected. This vulnerability allows any user with GET access to the Rancher Manager Apps Catalog to read sensitive information contained in the Apps’ values, which also gets exposed in audit logs when the audit level is set to 2 or higher. To address this issue, users should upgrade SUSE Rancher to versions 2.8.10 or 2.9.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52282.