Tag
An unauthenticated regex injection vulnerability exists in Rancher Fleet's webhook endpoint when it's configured without a secret, allowing attackers to forge webhook requests using unsanitized repository URL components, which leads to continuous repository re-cloning, causing network and resource exhaustion (Denial of Service) on the management cluster, and potentially service downgrades if the attacker has read access to the target Git repository.