Nixpkgs security tracker

Untriaged

Permalink CVE-2025-62879

6.8 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Rancher Backup Operator pod's logs leak S3 tokens

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.

References

Affected products

github.com/rancher/backup-restore-operator

<6.0.3
<9.0.1
<7.0.5
<8.1.2

Matching in nixpkgs

pkgs.rancher

Rancher Command Line Interface (CLI) is a unified tool for interacting with your Rancher Server

nixos-unstable 2.13.3
- nixpkgs-unstable 2.13.3
- nixos-unstable-small 2.13.3
nixos-25.11 2.12.3
- nixos-25.11-small 2.12.3
- nixpkgs-25.11-darwin 2.12.3

pkgs.terraform-providers.rancher2

None

nixos-unstable rancher2-13.1.4
- nixpkgs-unstable rancher2-13.1.4
- nixos-unstable-small rancher2-13.1.4
nixos-25.11 rancher2-8.3.1
- nixos-25.11-small rancher2-8.3.1
- nixpkgs-25.11-darwin rancher2-8.3.1

pkgs.terraform-providers.rancher_rancher2