CVE-2025-62879: Rancher Backup Operator pod's logs leak S3 tokens
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod’s logs.
Specifically, the S3 accessKey and secretKey are exposed in the pod’s logs under the following logging level conditions:
| Variable Exposed | Logging Level Condition |
|---|---|
| accessKey | trace: false (default), and debug: false (default) |
| secretKey | trace: true or debug: true |
Note: The S3 accessKey is exposed in the logs without requiring any supplementary configuration.
For further information on this attack category, see the associated MITRE ATT&CK technique, Log Enumeration.
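To check whether a given log has already captured your keys, the following added example (not Rancher's code) searches log lines for the credential values themselves and prints only redacted copies. The sample log lines and key values are constructed, the `S3_ACCESS_KEY` / `S3_SECRET_KEY` environment variable names are assumptions, and the base64 match goes beyond what the advisory describes.

```python
import base64
import os
import sys

# Constructed sample values and log lines for illustration only; this is not
# the operator's real log format.
SAMPLE_ACCESS_KEY = "EXAMPLEACCESSKEY0001"
SAMPLE_SECRET_KEY = "exampleSecretKeyValue/0001"
SAMPLE_LOG = [
    'level=info msg="processing backup"',
    'level=info msg="s3 client ready" accessKey=EXAMPLEACCESSKEY0001',
    'level=debug msg="s3 credentials" secretKey=exampleSecretKeyValue/0001',
    'level=info msg="backup uploaded"',
]


def _forms(value):
    """Raw value plus its base64 form (Kubernetes Secret data is base64-encoded)."""
    if not value:
        return []  # an empty needle would match every line
    return [value, base64.b64encode(value.encode()).decode()]


def scan_log(lines, access_key, secret_key):
    """Return (line_number, leaked_names, redacted_line) for each leaking line."""
    needles = {"accessKey": _forms(access_key), "secretKey": _forms(secret_key)}
    findings = []
    for number, line in enumerate(lines, start=1):
        leaked, redacted = [], line
        for name, forms in needles.items():
            hits = [form for form in forms if form in line]
            for form in hits:
                redacted = redacted.replace(form, f"<{name} redacted>")
            if hits:
                leaked.append(name)
        if leaked:
            findings.append((number, leaked, redacted.rstrip("\n")))
    return findings


if __name__ == "__main__":
    # S3_ACCESS_KEY / S3_SECRET_KEY are assumed environment variable names.
    found = scan_log(sys.stdin, os.environ.get("S3_ACCESS_KEY", ""),
                     os.environ.get("S3_SECRET_KEY", ""))
    for number, leaked, redacted in found:
        print(f"line {number}: {', '.join(leaked)} -> {redacted}")
    sys.exit(1 if found else 0)
```

Pipe the rancher-backup-operator pod's logs, or an export from your log aggregator, into the script on stdin; a non-zero exit status means at least one line contains a key.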