CVE-2024-52284 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-52284 at MITRE

Description

Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1246842 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.0/base-os-container:latest Container suse/sl-micro/6.0/toolbox:latest Image SL-Micro Image SL-Micro-Base Image SL-Micro-Base-RT Image SL-Micro-Base-RT-SelfInstall Image SL-Micro-Base-RT-encrypted Image SL-Micro-Base-SelfInstall Image SL-Micro-Base-encrypted Image SL-Micro-Base-qcow Image SL-Micro-Default Image SL-Micro-Default-SelfInstall Image SL-Micro-Default-encrypted Image SL-Micro-Default-qcow Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE	`tar >= 1.35-slfo.1.1_3.1`
openSUSE Tumbleweed	`govulncheck-vulndb >= 0.0.20250908T141310-1.1`	Patchnames: openSUSE-Tumbleweed-2025-15538

SUSE Timeline for this CVE

CVE page created: Mon Jul 21 18:46:51 2025
CVE page last modified: Wed Apr 1 14:32:26 2026