Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system.
Metrics
Affected Vendors & Products
References
History
Mon, 06 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 06 Jul 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Suse
Suse rancher |
|
| Vendors & Products |
Suse
Suse rancher |
Mon, 06 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system. | |
| Title | SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components | |
| Weaknesses | CWE-918 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: suse
Published:
Updated: 2026-07-06T12:46:59.551Z
Reserved: 2026-05-08T12:29:48.967Z
Link: CVE-2026-44937
Updated: 2026-07-06T12:46:56.089Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-06T11:30:04Z