pkg:Go/github.com/rancher/fleet

All known vulnerabilities

• CRITICAL9.9CVE-2026-41050Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
  >= 0.15.0, < 0.15.1
• HIGH7.7CVE-2024-52284Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet
  >= 0.13.0, < 0.13.1-0.20250806151509-088bcbea7edb
• HIGH7.7CVE-2024-52284Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet
  >= 0.11.0, < 0.11.10, >= 0.12.0, < 0.12.6, >= 0.13.0, < 0.13.1-0.20250806151509-088bcbea7edb
• MEDIUM6.3CVE-2025-23390Fleet doesn’t validate a server’s certificate when connecting through SSH in github.com/rancher/fleet
  >= 0.9.0-rc.1, < 0.10.12
• MEDIUM6.3CVE-2025-23390Fleet doesn’t validate a server’s certificate when connecting through SSH in github.com/rancher/fleet
  >= 0.9.0-rc.1, < 0.10.12, >= 0.11.0, < 0.11.7, >= 0.12.0, < 0.12.2