CVE-2025-62879 PUBLISHED

Rancher Backup Operator pod's logs leak S3 tokens

Assigner: suse
Reserved: 24.10.2025 Published: 04.03.2026 Updated: 04.03.2026

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CVSS Score: 6.8

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	SUSE
Product	Rancher
Versions	Default: unaffected affected from 9.0.0 to 9.0.1 (excl.) affected from 8.0.0 to 8.1.2 (excl.) affected from 7.0.0 to 7.0.5 (excl.) affected from 6.0.0 to 6.0.3 (excl.)

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62879
https://github.com/advisories/GHSA-wj3p-5h3x-c74q

Problem Types

CWE-532: Insertion of Sensitive Information into Log File CWE