Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system.
| Vendor | Product | Versions |
|---|---|---|
| su | rancher fleet | 0.15.0, 0.14.0, 0.13.0, 0.12.0, 0.12.14, 0.13.10, 0.14.5, 0.15.1 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| go | github.com/rancher/fleet | GHSA | 85% |
Updated severity to CRITICAL, added new affected versions, and noted that no exploit is available.
Initial creation