{"id":"CVE-2025-62879","details":"A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.","aliases":["GHSA-wj3p-5h3x-c74q","GO-2026-4591"],"modified":"2026-04-10T05:34:09.766561Z","published":"2026-03-04T16:16:25.967Z","related":["SUSE-SU-2026:1042-1"],"references":[{"type":"ADVISORY","url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62879"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-wj3p-5h3x-c74q"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rancher/backup-restore-operator","events":[{"introduced":"afac4f665a2adb49e247799b3b73d4cb4b990f90"},{"fixed":"5c514d5161ee235175f6571affe5a08b55d39716"},{"introduced":"06578c2a8895e250dddae0acccfb560e77f62afc"},{"fixed":"016de9a6b6b5dc2787b099a12a733f609382300d"},{"introduced":"3902fa402d2ad2170a35c629a80b83b18ab288bc"},{"fixed":"8fd8f0421e435587f7d22517f060e5a8055e77ad"},{"introduced":"2a551ed0a93984cf46ea6e09cb944d80e4a30370"},{"fixed":"9fc04f18a1dddb9c23321b4883fa344f7aa68bd0"}],"database_specific":{"versions":[{"introduced":"6.0.0"},{"fixed":"6.0.3"},{"introduced":"7.0.0"},{"fixed":"7.0.5"},{"introduced":"8.0.0"},{"fixed":"8.1.2"},{"introduced":"9.0.0"},{"fixed":"9.0.1"}]}}],"versions":["v6.0.0","v6.0.0-rc.7","v6.0.1","v6.0.1-rc.1","v6.0.2","v6.0.2-rc.1","v7.0.0","v7.0.1","v7.0.1-rc.1","v7.0.2","v7.0.2-rc.1","v7.0.2-rc.2","v7.0.3","v7.0.3-rc.1","v7.0.4","v7.0.4-rc.1","v7.0.4-rc.2","v8.0.0","v8.1.0","v8.1.0-rc.1","v8.1.1","v8.1.1-rc.1","v9.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62879.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}]}