Vulnerabilites related to helm - helm
cve-2019-25210
Vulnerability from cvelistv5
Published
2024-03-03 00:00
Modified
2024-09-04 17:38
Severity ?
EPSS score ?
Summary
An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:00:19.379Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/helm/helm/issues/7275", }, { tags: [ "x_transferred", ], url: "https://www.cncf.io/projects/helm/", }, { tags: [ "x_transferred", ], url: "https://helm.sh/blog/response-cve-2019-25210/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "helm", vendor: "helm", versions: [ { lessThanOrEqual: "3.13.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2019-25210", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-19T19:38:47.344058Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-04T17:38:48.040Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-15T00:20:10.533087", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/helm/helm/issues/7275", }, { url: "https://www.cncf.io/projects/helm/", }, { url: "https://helm.sh/blog/response-cve-2019-25210/", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-25210", datePublished: "2024-03-03T00:00:00", dateReserved: "2024-03-03T00:00:00", dateUpdated: "2024-09-04T17:38:48.040Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23525
Vulnerability from cvelistv5
Published
2022-12-15 00:38
Modified
2024-08-03 03:43
Severity ?
EPSS score ?
Summary
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_ functions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q | x_refsource_CONFIRM | |
| https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:43:46.542Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q", }, { name: "https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: "< v3.10.3", }, ], }, ], descriptions: [ { lang: "en", value: "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_ functions.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-15T00:38:09.873Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q", }, { name: "https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b", tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b", }, ], source: { advisory: "GHSA-53c4-hhmh-vw5q", discovery: "UNKNOWN", }, title: "Helm vulnerable to Denial of service via NULL Pointer Dereference", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23525", datePublished: "2022-12-15T00:38:09.873Z", dateReserved: "2022-01-19T21:23:53.783Z", dateUpdated: "2024-08-03T03:43:46.542Z", requesterUserId: "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-32690
Vulnerability from cvelistv5
Published
2021-06-16 22:10
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This issue has been resolved in 3.6.1. There is a workaround through which one may check for improperly passed credentials. One may use a username and password for a Helm repository and may audit the Helm repository in order to check for another domain being used that could have received the credentials. In the `index.yaml` file for that repository, one may look for another domain in the `urls` list for the chart versions. If there is another domain found and that chart version was pulled or installed, the credentials would be passed on.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf | x_refsource_CONFIRM | |
| https://github.com/helm/helm/releases/tag/v3.6.1 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:25:31.090Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/releases/tag/v3.6.1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: "< 3.6.1", }, ], }, ], descriptions: [ { lang: "en", value: "Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This issue has been resolved in 3.6.1. There is a workaround through which one may check for improperly passed credentials. One may use a username and password for a Helm repository and may audit the Helm repository in order to check for another domain being used that could have received the credentials. In the `index.yaml` file for that repository, one may look for another domain in the `urls` list for the chart versions. If there is another domain found and that chart version was pulled or installed, the credentials would be passed on.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-16T22:10:10", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/releases/tag/v3.6.1", }, ], source: { advisory: "GHSA-56hp-xqp3-w2jf", discovery: "UNKNOWN", }, title: "Repository credentials passed to alternate domain", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-32690", STATE: "PUBLIC", TITLE: "Repository credentials passed to alternate domain", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "helm", version: { version_data: [ { version_value: "< 3.6.1", }, ], }, }, ], }, vendor_name: "helm", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This issue has been resolved in 3.6.1. There is a workaround through which one may check for improperly passed credentials. One may use a username and password for a Helm repository and may audit the Helm repository in order to check for another domain being used that could have received the credentials. In the `index.yaml` file for that repository, one may look for another domain in the `urls` list for the chart versions. If there is another domain found and that chart version was pulled or installed, the credentials would be passed on.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf", refsource: "CONFIRM", url: "https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf", }, { name: "https://github.com/helm/helm/releases/tag/v3.6.1", refsource: "MISC", url: "https://github.com/helm/helm/releases/tag/v3.6.1", }, ], }, source: { advisory: "GHSA-56hp-xqp3-w2jf", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-32690", datePublished: "2021-06-16T22:10:10", dateReserved: "2021-05-12T00:00:00", dateUpdated: "2024-08-03T23:25:31.090Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25165
Vulnerability from cvelistv5
Published
2023-02-08 19:07
Modified
2025-03-10 21:15
Severity ?
EPSS score ?
Summary
Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8 | x_refsource_CONFIRM | |
| https://github.com/helm/helm/commit/5abcf74227bfe8e5a3dbf105fe62e7b12deb58d2 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:18:35.855Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8", }, { name: "https://github.com/helm/helm/commit/5abcf74227bfe8e5a3dbf105fe62e7b12deb58d2", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/commit/5abcf74227bfe8e5a3dbf105fe62e7b12deb58d2", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25165", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T21:01:09.151862Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T21:15:03.873Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: ">= 3.0.0, < 3.11.1", }, ], }, ], descriptions: [ { lang: "en", value: "Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-08T19:07:14.089Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8", }, { name: "https://github.com/helm/helm/commit/5abcf74227bfe8e5a3dbf105fe62e7b12deb58d2", tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/commit/5abcf74227bfe8e5a3dbf105fe62e7b12deb58d2", }, ], source: { advisory: "GHSA-pwcw-6f5g-gxf8", discovery: "UNKNOWN", }, title: "getHostByName Function Information Disclosure", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-25165", datePublished: "2023-02-08T19:07:14.089Z", dateReserved: "2023-02-03T16:59:18.246Z", dateUpdated: "2025-03-10T21:15:03.873Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-21303
Vulnerability from cvelistv5
Published
2021-02-05 21:40
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used "as is" without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx | x_refsource_CONFIRM | |
| https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a | x_refsource_MISC | |
| https://github.com/helm/helm/releases/tag/v3.5.2 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:09:15.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/releases/tag/v3.5.2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: "> 3.0, < 3.5.2", }, ], }, ], descriptions: [ { lang: "en", value: "Helm is open-source software which is essentially \"The Kubernetes Package Manager\". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used \"as is\" without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-74", description: "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-05T21:40:14", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/releases/tag/v3.5.2", }, ], source: { advisory: "GHSA-c38g-469g-cmgx", discovery: "UNKNOWN", }, title: "Injection attack in Helm", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-21303", STATE: "PUBLIC", TITLE: "Injection attack in Helm", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "helm", version: { version_data: [ { version_value: "> 3.0, < 3.5.2", }, ], }, }, ], }, vendor_name: "helm", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Helm is open-source software which is essentially \"The Kubernetes Package Manager\". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used \"as is\" without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx", refsource: "CONFIRM", url: "https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx", }, { name: "https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a", refsource: "MISC", url: "https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a", }, { name: "https://github.com/helm/helm/releases/tag/v3.5.2", refsource: "MISC", url: "https://github.com/helm/helm/releases/tag/v3.5.2", }, ], }, source: { advisory: "GHSA-c38g-469g-cmgx", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-21303", datePublished: "2021-02-05T21:40:14", dateReserved: "2020-12-22T00:00:00", dateUpdated: "2024-08-03T18:09:15.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23526
Vulnerability from cvelistv5
Published
2022-12-15 00:43
Modified
2024-08-03 03:43
Severity ?
EPSS score ?
Summary
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33 | x_refsource_CONFIRM | |
| https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:43:46.526Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33", }, { name: "https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: "< v3.10.3", }, ], }, ], descriptions: [ { lang: "en", value: "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-15T00:43:40.383Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33", }, { name: "https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d", tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d", }, ], source: { advisory: "GHSA-67fx-wx78-jx33", discovery: "UNKNOWN", }, title: "Helm contains Denial of service through schema file", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23526", datePublished: "2022-12-15T00:43:40.383Z", dateReserved: "2022-01-19T21:23:53.784Z", dateUpdated: "2024-08-03T03:43:46.526Z", requesterUserId: "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36049
Vulnerability from cvelistv5
Published
2022-09-07 20:15
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/fluxcd/flux2/security/advisories/GHSA-p2g7-xwvr-rrw3 | x_refsource_CONFIRM | |
| https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh | x_refsource_MISC | |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44996 | x_refsource_MISC | |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48360 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:52:00.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/fluxcd/flux2/security/advisories/GHSA-p2g7-xwvr-rrw3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44996", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48360", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "flux2", vendor: "fluxcd", versions: [ { status: "affected", version: ">= 0.0.4, < 0.23.0", }, { status: "affected", version: ">= 0.0.17, < 0.32.0", }, ], }, ], descriptions: [ { lang: "en", value: "Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-07T20:15:13", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/fluxcd/flux2/security/advisories/GHSA-p2g7-xwvr-rrw3", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44996", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48360", }, ], source: { advisory: "GHSA-p2g7-xwvr-rrw3", discovery: "UNKNOWN", }, title: "Flux2 Helm Controller denial of service", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-36049", STATE: "PUBLIC", TITLE: "Flux2 Helm Controller denial of service", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "flux2", version: { version_data: [ { version_value: ">= 0.0.4, < 0.23.0", }, { version_value: ">= 0.0.17, < 0.32.0", }, ], }, }, ], }, vendor_name: "fluxcd", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-400: Uncontrolled Resource Consumption", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/fluxcd/flux2/security/advisories/GHSA-p2g7-xwvr-rrw3", refsource: "CONFIRM", url: "https://github.com/fluxcd/flux2/security/advisories/GHSA-p2g7-xwvr-rrw3", }, { name: "https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh", refsource: "MISC", url: "https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh", }, { name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44996", refsource: "MISC", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44996", }, { name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48360", refsource: "MISC", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48360", }, ], }, source: { advisory: "GHSA-p2g7-xwvr-rrw3", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-36049", datePublished: "2022-09-07T20:15:13", dateReserved: "2022-07-15T00:00:00", dateUpdated: "2024-08-03T09:52:00.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11013
Vulnerability from cvelistv5
Published
2020-04-24 20:05
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be used as part of the process to render templates. The documented behavior of `helm template` states that it does not attach to a remote cluster. However, a the recently added `lookup` template function circumvents this restriction and connects to the cluster even during `helm template` and `helm install|update|delete|rollback --dry-run`. The user is not notified of this behavior. Running `helm template` should not make calls to a cluster. This is different from `install`, which is presumed to have access to a cluster in order to load resources into Kubernetes. Helm 2 is unaffected by this vulnerability. A malicious chart author could inject a `lookup` into a chart that, when rendered through `helm template`, performs unannounced lookups against the cluster a user's `KUBECONFIG` file points to. This information can then be disclosed via the output of `helm template`. This issue has been fixed in Helm 3.2.0
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-q8q8-93cv-v6h8 | x_refsource_CONFIRM | |
| https://github.com/helm/helm/releases/tag/v3.2.0 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:21:14.350Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-q8q8-93cv-v6h8", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/releases/tag/v3.2.0", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Helm", vendor: "helm", versions: [ { status: "affected", version: ">= 3.1.0, < 3.2.0", }, ], }, ], descriptions: [ { lang: "en", value: "Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be used as part of the process to render templates. The documented behavior of `helm template` states that it does not attach to a remote cluster. However, a the recently added `lookup` template function circumvents this restriction and connects to the cluster even during `helm template` and `helm install|update|delete|rollback --dry-run`. The user is not notified of this behavior. Running `helm template` should not make calls to a cluster. This is different from `install`, which is presumed to have access to a cluster in order to load resources into Kubernetes. Helm 2 is unaffected by this vulnerability. A malicious chart author could inject a `lookup` into a chart that, when rendered through `helm template`, performs unannounced lookups against the cluster a user's `KUBECONFIG` file points to. This information can then be disclosed via the output of `helm template`. This issue has been fixed in Helm 3.2.0", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-24T20:05:15", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-q8q8-93cv-v6h8", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/releases/tag/v3.2.0", }, ], source: { advisory: "GHSA-q8q8-93cv-v6h8", discovery: "UNKNOWN", }, title: "lookup Function Information Discolosure in Helm", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2020-11013", STATE: "PUBLIC", TITLE: "lookup Function Information Discolosure in Helm", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Helm", version: { version_data: [ { version_value: ">= 3.1.0, < 3.2.0", }, ], }, }, ], }, vendor_name: "helm", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be used as part of the process to render templates. The documented behavior of `helm template` states that it does not attach to a remote cluster. However, a the recently added `lookup` template function circumvents this restriction and connects to the cluster even during `helm template` and `helm install|update|delete|rollback --dry-run`. The user is not notified of this behavior. Running `helm template` should not make calls to a cluster. This is different from `install`, which is presumed to have access to a cluster in order to load resources into Kubernetes. Helm 2 is unaffected by this vulnerability. A malicious chart author could inject a `lookup` into a chart that, when rendered through `helm template`, performs unannounced lookups against the cluster a user's `KUBECONFIG` file points to. This information can then be disclosed via the output of `helm template`. This issue has been fixed in Helm 3.2.0", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-q8q8-93cv-v6h8", refsource: "CONFIRM", url: "https://github.com/helm/helm/security/advisories/GHSA-q8q8-93cv-v6h8", }, { name: "https://github.com/helm/helm/releases/tag/v3.2.0", refsource: "MISC", url: "https://github.com/helm/helm/releases/tag/v3.2.0", }, ], }, source: { advisory: "GHSA-q8q8-93cv-v6h8", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-11013", datePublished: "2020-04-24T20:05:15", dateReserved: "2020-03-30T00:00:00", dateUpdated: "2024-08-04T11:21:14.350Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4053
Vulnerability from cvelistv5
Published
2020-06-16 22:00
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f | x_refsource_CONFIRM | |
| https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688 | x_refsource_MISC | |
| https://github.com/helm/helm/releases/tag/v3.2.4 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Helm Project | Helm |
Version: >= 3.0.0, < 3.2.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:52:20.934Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/releases/tag/v3.2.4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Helm", vendor: "The Helm Project", versions: [ { status: "affected", version: ">= 3.0.0, < 3.2.4", }, ], }, ], descriptions: [ { lang: "en", value: "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-16T22:00:19", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/releases/tag/v3.2.4", }, ], source: { advisory: "GHSA-qq3j-xp49-j73f", discovery: "UNKNOWN", }, title: "Path Traversal in Helm Plugin Archive", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2020-4053", STATE: "PUBLIC", TITLE: "Path Traversal in Helm Plugin Archive", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Helm", version: { version_data: [ { version_value: ">= 3.0.0, < 3.2.4", }, ], }, }, ], }, vendor_name: "The Helm Project", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f", refsource: "CONFIRM", url: "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f", }, { name: "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688", refsource: "MISC", url: "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688", }, { name: "https://github.com/helm/helm/releases/tag/v3.2.4", refsource: "MISC", url: "https://github.com/helm/helm/releases/tag/v3.2.4", }, ], }, source: { advisory: "GHSA-qq3j-xp49-j73f", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-4053", datePublished: "2020-06-16T22:00:19", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-08-04T07:52:20.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15186
Vulnerability from cvelistv5
Published
2020-09-17 21:40
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm --help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-m54r-vrmv-hw33 | x_refsource_CONFIRM | |
| https://github.com/helm/helm/commit/809e2d999e2c33e20e77f6bff30652d79c287542 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:08:22.480Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-m54r-vrmv-hw33", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/commit/809e2d999e2c33e20e77f6bff30652d79c287542", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: ">= 2.0.0, < 2.16.11", }, { status: "affected", version: ">= 3.0.0, < 3.3.2", }, ], }, ], descriptions: [ { lang: "en", value: "In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm --help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.4, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "{\"CWE-20\":\"Improper Input Validation\"}", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-17T21:40:13", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-m54r-vrmv-hw33", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/commit/809e2d999e2c33e20e77f6bff30652d79c287542", }, ], source: { advisory: "GHSA-m54r-vrmv-hw33", discovery: "UNKNOWN", }, title: "Improper sanitization of plugin names in Helm", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2020-15186", STATE: "PUBLIC", TITLE: "Improper sanitization of plugin names in Helm", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "helm", version: { version_data: [ { version_value: ">= 2.0.0, < 2.16.11", }, { version_value: ">= 3.0.0, < 3.3.2", }, ], }, }, ], }, vendor_name: "helm", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm --help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.4, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "{\"CWE-20\":\"Improper Input Validation\"}", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-m54r-vrmv-hw33", refsource: "CONFIRM", url: "https://github.com/helm/helm/security/advisories/GHSA-m54r-vrmv-hw33", }, { name: "https://github.com/helm/helm/commit/809e2d999e2c33e20e77f6bff30652d79c287542", refsource: "MISC", url: "https://github.com/helm/helm/commit/809e2d999e2c33e20e77f6bff30652d79c287542", }, ], }, source: { advisory: "GHSA-m54r-vrmv-hw33", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-15186", datePublished: "2020-09-17T21:40:13", dateReserved: "2020-06-25T00:00:00", dateUpdated: "2024-08-04T13:08:22.480Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1010275
Vulnerability from cvelistv5
Published
2019-07-17 20:14
Modified
2024-08-05 03:07
Severity ?
EPSS score ?
Summary
helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/releases/tag/v2.7.2 | x_refsource_MISC | |
| https://github.com/helm/helm/pull/3152 | x_refsource_MISC | |
| https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:07:18.493Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/releases/tag/v2.7.2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/pull/3152", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: "Before 2.7.2 [fixed: 2.7.2]", }, ], }, ], descriptions: [ { lang: "en", value: "helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295: Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-17T20:14:50", orgId: "7556d962-6fb7-411e-85fa-6cd62f095ba8", shortName: "dwf", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/releases/tag/v2.7.2", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/pull/3152", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve-assign@distributedweaknessfiling.org", ID: "CVE-2019-1010275", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "helm", version: { version_data: [ { version_value: "Before 2.7.2 [fixed: 2.7.2]", }, ], }, }, ], }, vendor_name: "helm", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-295: Improper Certificate Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/helm/helm/releases/tag/v2.7.2", refsource: "MISC", url: "https://github.com/helm/helm/releases/tag/v2.7.2", }, { name: "https://github.com/helm/helm/pull/3152", refsource: "MISC", url: "https://github.com/helm/helm/pull/3152", }, { name: "https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50", refsource: "MISC", url: "https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7556d962-6fb7-411e-85fa-6cd62f095ba8", assignerShortName: "dwf", cveId: "CVE-2019-1010275", datePublished: "2019-07-17T20:14:50", dateReserved: "2019-03-20T00:00:00", dateUpdated: "2024-08-05T03:07:18.493Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15185
Vulnerability from cvelistv5
Published
2020-09-17 21:30
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453 | x_refsource_CONFIRM | |
| https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:08:22.474Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: ">= 2.0.0, < 2.16.11", }, { status: "affected", version: ">= 3.0.0, < 3.3.2", }, ], }, ], descriptions: [ { lang: "en", value: "In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-694", description: "{\"CWE-694\":\"Use of Multiple Resources with Duplicate Identifier\"}", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-74", description: "{\"CWE-74\":\"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\"}", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-17T21:30:13", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc", }, ], source: { advisory: "GHSA-jm56-5h66-w453", discovery: "UNKNOWN", }, title: "Duplicated chart entries in Helm", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2020-15185", STATE: "PUBLIC", TITLE: "Duplicated chart entries in Helm", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "helm", version: { version_data: [ { version_value: ">= 2.0.0, < 2.16.11", }, { version_value: ">= 3.0.0, < 3.3.2", }, ], }, }, ], }, vendor_name: "helm", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "{\"CWE-694\":\"Use of Multiple Resources with Duplicate Identifier\"}", }, ], }, { description: [ { lang: "eng", value: "{\"CWE-74\":\"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\"}", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453", refsource: "CONFIRM", url: "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453", }, { name: "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc", refsource: "MISC", url: "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc", }, ], }, source: { advisory: "GHSA-jm56-5h66-w453", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-15185", datePublished: "2020-09-17T21:30:13", dateReserved: "2020-06-25T00:00:00", dateUpdated: "2024-08-04T13:08:22.474Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26147
Vulnerability from cvelistv5
Published
2024-02-21 22:21
Modified
2024-08-14 19:55
Severity ?
EPSS score ?
Summary
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6 | x_refsource_CONFIRM | |
| https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:59:32.585Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6", }, { name: "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "helm", vendor: "helm", versions: [ { lessThan: "3.14.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-26147", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T19:54:40.217354Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T19:55:28.698Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: "< 3.14.2", }, ], }, ], descriptions: [ { lang: "en", value: "Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-457", description: "CWE-457: Use of Uninitialized Variable", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-21T22:21:42.658Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6", }, { name: "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af", tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af", }, ], source: { advisory: "GHSA-r53h-jv2g-vpx6", discovery: "UNKNOWN", }, title: "Helm's Missing YAML Content Leads To Panic", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-26147", datePublished: "2024-02-21T22:21:42.658Z", dateReserved: "2024-02-14T17:40:03.689Z", dateUpdated: "2024-08-14T19:55:28.698Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25620
Vulnerability from cvelistv5
Published
2024-02-14 23:24
Modified
2024-08-26 14:49
Severity ?
EPSS score ?
Summary
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-v53g-5gjp-272r | x_refsource_CONFIRM | |
| https://github.com/helm/helm/commit/0d0f91d1ce277b2c8766cdc4c7aa04dbafbf2503 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:44:09.801Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-v53g-5gjp-272r", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-v53g-5gjp-272r", }, { name: "https://github.com/helm/helm/commit/0d0f91d1ce277b2c8766cdc4c7aa04dbafbf2503", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/commit/0d0f91d1ce277b2c8766cdc4c7aa04dbafbf2503", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "helm", vendor: "helm", versions: [ { lessThan: "3.14.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-25620", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-15T19:45:34.439610Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-26T14:49:43.726Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: "< 3.14.1", }, ], }, ], descriptions: [ { lang: "en", value: "Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-14T23:24:57.651Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-v53g-5gjp-272r", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-v53g-5gjp-272r", }, { name: "https://github.com/helm/helm/commit/0d0f91d1ce277b2c8766cdc4c7aa04dbafbf2503", tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/commit/0d0f91d1ce277b2c8766cdc4c7aa04dbafbf2503", }, ], source: { advisory: "GHSA-v53g-5gjp-272r", discovery: "UNKNOWN", }, title: "Dependency management path traversal in helm", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-25620", datePublished: "2024-02-14T23:24:57.651Z", dateReserved: "2024-02-08T22:26:33.511Z", dateUpdated: "2024-08-26T14:49:43.726Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1000008
Vulnerability from cvelistv5
Published
2019-02-04 21:00
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helm.sh/blog/helm-security-notice-2019/index.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:00:19.248Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://helm.sh/blog/helm-security-notice-2019/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2019-01-22T00:00:00", datePublic: "2019-02-04T00:00:00", descriptions: [ { lang: "en", value: "All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-02-04T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://helm.sh/blog/helm-security-notice-2019/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "2019-01-22T21:21:10.016652", DATE_REQUESTED: "2019-01-14T20:30:06", ID: "CVE-2019-1000008", REQUESTER: "matt@mattfarina.com", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://helm.sh/blog/helm-security-notice-2019/index.html", refsource: "MISC", url: "https://helm.sh/blog/helm-security-notice-2019/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-1000008", datePublished: "2019-02-04T21:00:00", dateReserved: "2019-01-14T00:00:00", dateUpdated: "2024-08-05T03:00:19.248Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15184
Vulnerability from cvelistv5
Published
2020-09-17 20:40
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-9vp5-m38w-j776 | x_refsource_CONFIRM | |
| https://github.com/helm/helm/commit/e7c281564d8306e1dcf8023d97f972449ad74850 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:08:22.470Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-9vp5-m38w-j776", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/commit/e7c281564d8306e1dcf8023d97f972449ad74850", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: ">= 2.0.0, < 2.16.11", }, { status: "affected", version: ">= 3.0.0, < 3.3.2", }, ], }, ], descriptions: [ { lang: "en", value: "In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "{\"CWE-20\":\"Improper Input Validation\"}", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-17T20:40:12", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-9vp5-m38w-j776", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/commit/e7c281564d8306e1dcf8023d97f972449ad74850", }, ], source: { advisory: "GHSA-9vp5-m38w-j776", discovery: "UNKNOWN", }, title: "Aliases are never checked in Helm", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2020-15184", STATE: "PUBLIC", TITLE: "Aliases are never checked in Helm", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "helm", version: { version_data: [ { version_value: ">= 2.0.0, < 2.16.11", }, { version_value: ">= 3.0.0, < 3.3.2", }, ], }, }, ], }, vendor_name: "helm", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "{\"CWE-20\":\"Improper Input Validation\"}", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-9vp5-m38w-j776", refsource: "CONFIRM", url: "https://github.com/helm/helm/security/advisories/GHSA-9vp5-m38w-j776", }, { name: "https://github.com/helm/helm/commit/e7c281564d8306e1dcf8023d97f972449ad74850", refsource: "MISC", url: "https://github.com/helm/helm/commit/e7c281564d8306e1dcf8023d97f972449ad74850", }, ], }, source: { advisory: "GHSA-9vp5-m38w-j776", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-15184", datePublished: "2020-09-17T20:40:12", dateReserved: "2020-06-25T00:00:00", dateUpdated: "2024-08-04T13:08:22.470Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15187
Vulnerability from cvelistv5
Published
2020-09-17 21:50
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j | x_refsource_CONFIRM | |
| https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:08:22.691Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: ">= 2.0.0, < 2.16.11", }, { status: "affected", version: ">= 3.0.0, < 3.3.2", }, ], }, ], descriptions: [ { lang: "en", value: "In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-694", description: "{\"CWE-694\":\"Use of Multiple Resources with Duplicate Identifier\"}", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-74", description: "{\"CWE-74\":\"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\"}", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-17T21:50:12", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b", }, ], source: { advisory: "GHSA-c52f-pq47-2r9j", discovery: "UNKNOWN", }, title: "Duplicate plugin entries in Helm", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2020-15187", STATE: "PUBLIC", TITLE: "Duplicate plugin entries in Helm", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "helm", version: { version_data: [ { version_value: ">= 2.0.0, < 2.16.11", }, { version_value: ">= 3.0.0, < 3.3.2", }, ], }, }, ], }, vendor_name: "helm", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "{\"CWE-694\":\"Use of Multiple Resources with Duplicate Identifier\"}", }, ], }, { description: [ { lang: "eng", value: "{\"CWE-74\":\"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\"}", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j", refsource: "CONFIRM", url: "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j", }, { name: "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b", refsource: "MISC", url: "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b", }, ], }, source: { advisory: "GHSA-c52f-pq47-2r9j", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-15187", datePublished: "2020-09-17T21:50:12", dateReserved: "2020-06-25T00:00:00", dateUpdated: "2024-08-04T13:08:22.691Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23524
Vulnerability from cvelistv5
Published
2022-12-15 00:28
Modified
2024-08-03 03:43
Severity ?
EPSS score ?
Summary
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:43:46.450Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: "< v3.10.3", }, ], }, ], descriptions: [ { lang: "en", value: "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-15T00:28:34.540Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r", }, ], source: { advisory: "GHSA-6rx9-889q-vv2r", discovery: "UNKNOWN", }, title: "Helm vulnerable to Denial of service through string value parsing", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23524", datePublished: "2022-12-15T00:28:34.540Z", dateReserved: "2022-01-19T21:23:53.783Z", dateUpdated: "2024-08-03T03:43:46.450Z", requesterUserId: "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36055
Vulnerability from cvelistv5
Published
2022-09-01 12:15
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings in to Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `--set`, `--set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh | x_refsource_CONFIRM | |
| https://github.com/helm/helm/releases/tag/v3.9.4 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:52:00.289Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/helm/helm/releases/tag/v3.9.4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "helm", vendor: "helm", versions: [ { status: "affected", version: "< 3.9.4", }, ], }, ], descriptions: [ { lang: "en", value: "Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings in to Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `--set`, `--set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-01T12:15:13", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/helm/helm/releases/tag/v3.9.4", }, ], source: { advisory: "GHSA-7hfp-qfw3-5jxh", discovery: "UNKNOWN", }, title: "Denial of service in Helm", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-36055", STATE: "PUBLIC", TITLE: "Denial of service in Helm", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "helm", version: { version_data: [ { version_value: "< 3.9.4", }, ], }, }, ], }, vendor_name: "helm", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings in to Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `--set`, `--set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-400: Uncontrolled Resource Consumption", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh", refsource: "CONFIRM", url: "https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh", }, { name: "https://github.com/helm/helm/releases/tag/v3.9.4", refsource: "MISC", url: "https://github.com/helm/helm/releases/tag/v3.9.4", }, ], }, source: { advisory: "GHSA-7hfp-qfw3-5jxh", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-36055", datePublished: "2022-09-01T12:15:13", dateReserved: "2022-07-15T00:00:00", dateUpdated: "2024-08-03T09:52:00.289Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-18658
Vulnerability from cvelistv5
Published
2019-11-12 13:20
Modified
2024-08-05 01:54
Severity ?
EPSS score ?
Summary
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helm.sh/blog/2019-10-30-helm-symlink-security-notice/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:54:14.598Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://helm.sh/blog/2019-10-30-helm-symlink-security-notice/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-12T13:20:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://helm.sh/blog/2019-10-30-helm-symlink-security-notice/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-18658", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://helm.sh/blog/2019-10-30-helm-symlink-security-notice/", refsource: "MISC", url: "https://helm.sh/blog/2019-10-30-helm-symlink-security-notice/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-18658", datePublished: "2019-11-12T13:20:13", dateReserved: "2019-10-31T00:00:00", dateUpdated: "2024-08-05T01:54:14.598Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-03-03 21:15
Modified
2025-02-11 15:58
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:-:*:*:*:*:*:*:*", matchCriteriaId: "606B3397-0482-45AB-9683-716665632036", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.", }, { lang: "es", value: "Se descubrió un problema en Helm de Cloud Native Computing Foundation (CNCF) hasta la versión 3.13.3. Muestra valores de secretos cuando se utiliza el indicador --dry-run. Esto es un problema de seguridad en algunos casos de uso, como una llamada de prueba realizada por una herramienta CI/CD. NOTA: la posición del proveedor es que este comportamiento se introdujo intencionalmente y no se puede eliminar sin romper la compatibilidad con versiones anteriores (algunos usuarios pueden confiar en estos valores).", }, ], id: "CVE-2019-25210", lastModified: "2025-02-11T15:58:14.590", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-03T21:15:49.867", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/helm/helm/issues/7275", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://helm.sh/blog/response-cve-2019-25210/", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://www.cncf.io/projects/helm/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/helm/helm/issues/7275", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://helm.sh/blog/response-cve-2019-25210/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.cncf.io/projects/helm/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-04 21:29
Modified
2024-11-21 04:17
Severity ?
Summary
All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://helm.sh/blog/helm-security-notice-2019/index.html | Exploit, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://helm.sh/blog/helm-security-notice-2019/index.html | Exploit, Mitigation, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "7232EE4B-57DF-4F3A-9DC0-698DE50600B7", versionEndExcluding: "2.12.2", versionStartIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2.", }, { lang: "es", value: "Todas las versiones de Helm entre la 2.0.0 (incluida) y la 2.12.2 contienen una vulnerabilidad CWE-22: limitación incorrecta de un nombre de ruta hacia un directorio restringido (salto de directorio) en los comandos helm fetch --untar y helm lint some.tgz. Esta vulnerabilidad puede desencadenarse cuando los archivos comprimidos chart se descomprimen, ya que un archivo podría descomprimirse fuera del directorio objetivo. El ataque parece ser explotable si una víctima ejecuta un comando de helm en un archivo comprimido chart especialmente manipulado. La vulnerabilidad parece haber sido solucionada en la versión 2.12.2.", }, ], id: "CVE-2019-1000008", lastModified: "2024-11-21T04:17:39.867", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-04T21:29:00.910", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Mitigation", "Vendor Advisory", ], url: "https://helm.sh/blog/helm-security-notice-2019/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mitigation", "Vendor Advisory", ], url: "https://helm.sh/blog/helm-security-notice-2019/index.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-08 20:15
Modified
2024-11-21 07:49
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "52B3342E-F1D8-46B9-91C1-192092207FFA", versionEndExcluding: "3.11.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.", }, ], id: "CVE-2023-25165", lastModified: "2024-11-21T07:49:14.133", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-08T20:15:24.937", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/helm/helm/commit/5abcf74227bfe8e5a3dbf105fe62e7b12deb58d2", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/helm/helm/commit/5abcf74227bfe8e5a3dbf105fe62e7b12deb58d2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-15 00:15
Modified
2025-01-09 13:55
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Summary
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "2F972F64-42BF-48B2-AE0D-CCA34D9F7958", versionEndExcluding: "3.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.", }, { lang: "es", value: "Helm es una herramienta para gestionar gráficos. Los gráficos son paquetes de recursos de Kubernetes preconfigurados. Cuando se utiliza el cliente Helm o el SDK para guardar un gráfico cuyo nombre dentro del archivo `Chart.yaml` incluye un cambio de ruta relativa, el gráfico se guardará fuera de su directorio esperado en función de los cambios en la ruta relativa. La validación y el linting no detectaron los cambios de ruta en el nombre. Este problema se resolvió en Helm v3.14.1. Los usuarios que no puedan actualizar deben verificar todos los gráficos utilizados por Helm en busca de cambios de ruta en su nombre, como se encuentra en el archivo `Chart.yaml`. Esto incluye dependencias.", }, ], id: "CVE-2024-25620", lastModified: "2025-01-09T13:55:40.353", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 2.7, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-15T00:15:45.347", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/helm/helm/commit/0d0f91d1ce277b2c8766cdc4c7aa04dbafbf2503", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-v53g-5gjp-272r", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/helm/helm/commit/0d0f91d1ce277b2c8766cdc4c7aa04dbafbf2503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-v53g-5gjp-272r", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-21 23:15
Modified
2025-01-09 14:40
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "8CA6134B-AB39-4304-A35A-BC3E4F3BA2A7", versionEndExcluding: "3.14.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.", }, { lang: "es", value: "Helm es un administrador de paquetes para Charts para Kubernetes. Las versiones anteriores a la 3.14.2 contienen una vulnerabilidad variable no inicializada cuando Helm analiza archivos yaml de índice y complemento que carecen del contenido esperado. Cuando a un archivo `index.yaml` o a un archivo de complementos `plugin.yaml` le faltaban todos los metadatos, se producía un pánico en Helm. En el SDK de Helm, esto se encuentra cuando se utilizan las funciones `LoadIndexFile` o `DownloadIndexFile` en el paquete `repo` o la función `LoadDir` en el paquete `plugin`. Para el cliente Helm, esto afecta las funciones relacionadas con la adición de un repositorio y todas las funciones de Helm si se agrega un complemento malicioso, ya que Helm inspecciona todos los complementos conocidos en cada invocación. Este problema se resolvió en Helm v3.14.2. Si se agregó un complemento malicioso que provoca que todos los comandos del cliente Helm entren en pánico, el complemento malicioso se puede eliminar manualmente del sistema de archivos. Si usa versiones de Helm SDK anteriores a la 3.14.2, las llamadas a las funciones afectadas pueden usar \"recover\" para detectar el pánico.", }, ], id: "CVE-2024-26147", lastModified: "2025-01-09T14:40:25.983", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-21T23:15:08.763", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-457", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-908", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-12 14:15
Modified
2024-11-21 04:33
Severity ?
Summary
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "F98F257F-D7E9-4D84-A155-741FB23DC340", versionEndExcluding: "2.15.2", versionStartIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.", }, { lang: "es", value: "En Helm versiones 2.x anteriores a 2.15.2, los comandos que se ocupan de cargar un gráfico como un directorio o empaquetar un gráfico ofrecen la oportunidad de que un gráfico diseñado con fines maliciosos incluya contenido confidencial tal y como /etc/passwd o ejecute una denegación de servicio (DoS) por medio de un archivo especial tal y como /dev/urandom, por medio de enlaces simbólicos. No se conoce que ninguna versión de Tiller esté afectada. Este es un problema solo del cliente.", }, ], id: "CVE-2019-18658", lastModified: "2024-11-21T04:33:28.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-12T14:15:11.343", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://helm.sh/blog/2019-10-30-helm-symlink-security-notice/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://helm.sh/blog/2019-10-30-helm-symlink-security-notice/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-24 20:15
Modified
2024-11-21 04:56
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Summary
Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be used as part of the process to render templates. The documented behavior of `helm template` states that it does not attach to a remote cluster. However, a the recently added `lookup` template function circumvents this restriction and connects to the cluster even during `helm template` and `helm install|update|delete|rollback --dry-run`. The user is not notified of this behavior. Running `helm template` should not make calls to a cluster. This is different from `install`, which is presumed to have access to a cluster in order to load resources into Kubernetes. Helm 2 is unaffected by this vulnerability. A malicious chart author could inject a `lookup` into a chart that, when rendered through `helm template`, performs unannounced lookups against the cluster a user's `KUBECONFIG` file points to. This information can then be disclosed via the output of `helm template`. This issue has been fixed in Helm 3.2.0
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/helm/helm/releases/tag/v3.2.0 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://github.com/helm/helm/security/advisories/GHSA-q8q8-93cv-v6h8 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/releases/tag/v3.2.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/security/advisories/GHSA-q8q8-93cv-v6h8 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "51D9E69A-2B00-4643-BD5D-74C3EB689213", versionEndExcluding: "3.2.0", versionStartIncluding: "3.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be used as part of the process to render templates. The documented behavior of `helm template` states that it does not attach to a remote cluster. However, a the recently added `lookup` template function circumvents this restriction and connects to the cluster even during `helm template` and `helm install|update|delete|rollback --dry-run`. The user is not notified of this behavior. Running `helm template` should not make calls to a cluster. This is different from `install`, which is presumed to have access to a cluster in order to load resources into Kubernetes. Helm 2 is unaffected by this vulnerability. A malicious chart author could inject a `lookup` into a chart that, when rendered through `helm template`, performs unannounced lookups against the cluster a user's `KUBECONFIG` file points to. This information can then be disclosed via the output of `helm template`. This issue has been fixed in Helm 3.2.0", }, { lang: "es", value: "Hay una vulnerabilidad de divulgación de información en Helm desde la versión 3.1.0 y versiones anteriores a la versión 3.2.0. \"lookup\" es una función de plantilla de Helm introducida en Helm versión v3. Puede buscar recursos en el clúster para comprobar la existencia de recursos específicos y obtener detalles sobre ellos. Esto puede ser usado como parte del proceso para renderizar plantillas. El comportamiento documentado de \"helm template\" afirma que no se adjunta a un clúster remoto. Sin embargo, la función de plantilla \"lookup\" agregada recientemente evita esta restricción y se conecta al clúster aún durante \"helm template\" y \"helm install|update|delete|rollback --dry-run\". El usuario no es notificado de este comportamiento. Al ejecutar \"helm template\" no debería hacer llamadas a un clúster. Esto es diferente de \"install\", que se supone que tiene acceso a un clúster para cargar recursos en Kubernetes. Helm versión 2 no está afectado por esta vulnerabilidad. Un autor de gráfico malicioso podría inyectar una \"lookup\" en un gráfico que, cuando es renderizado por medio de \"helm template\", realiza búsquedas no anunciadas contra el clúster al que apunta un archivo \"KUBECONFIG\" de user's. Esta información puede ser revelada por medio de la salida de \"helm template\". Este problema se ha corregido en Helm 3.2.0", }, ], id: "CVE-2020-11013", lastModified: "2024-11-21T04:56:34.950", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 4.7, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-24T20:15:09.793", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/helm/helm/releases/tag/v3.2.0", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-q8q8-93cv-v6h8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/helm/helm/releases/tag/v3.2.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-q8q8-93cv-v6h8", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-07 21:15
Modified
2024-11-21 07:12
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "CF12F100-CF74-44E7-9CA3-587E32370849", versionEndExcluding: "3.9.4", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fluxcd:flux2:*:*:*:*:*:*:*:*", matchCriteriaId: "29EFFD48-5825-4DB2-9D8B-44AE793C41F1", versionEndExcluding: "0.32.0", versionStartIncluding: "0.0.17", vulnerable: true, }, { criteria: "cpe:2.3:a:fluxcd:helm-controller:*:*:*:*:*:*:*:*", matchCriteriaId: "D3138403-4B4C-4C3D-A5BF-816E148A7799", versionEndExcluding: "0.23.0", versionStartIncluding: "0.0.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0.", }, { lang: "es", value: "Flux2 es una herramienta para mantener los clusters de Kubernetes sincronizados con las fuentes de configuración, y el controlador Helm de Flux es un operador de Kubernetes que permite administrar de forma declarativa los lanzamientos de gráficos de Helm. Helm-controller está estrechamente integrado con el SDK de Helm. Una vulnerabilidad encontrada en el SDK de Helm que afecta a flux2 versiones v0.0.17 hasta v0.32.0 y a helm-controller versiones v0.0.4 hasta v0.23.0, permite que determinadas entradas de datos causen un alto consumo de memoria. En algunas plataformas, esto podría causar que el controlador entre en pánico y deje de procesar las conciliaciones. En un entorno de clústeres compartidos con múltiples inquilinos, un inquilino podría crear un HelmRelease que hace que el controlador entre en pánico, denegando a todos los demás inquilinos la reconciliación de sus HelmRelease. Los parches están disponibles en flux2 versión v0.32.0 y helm-controller versión v0.23.0", }, ], id: "CVE-2022-36049", lastModified: "2024-11-21T07:12:16.093", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-07T21:15:08.483", references: [ { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44996", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48360", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/fluxcd/flux2/security/advisories/GHSA-p2g7-xwvr-rrw3", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44996", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48360", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/fluxcd/flux2/security/advisories/GHSA-p2g7-xwvr-rrw3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-05 22:15
Modified
2024-11-21 05:47
Severity ?
5.9 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Summary
Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used "as is" without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/helm/helm/releases/tag/v3.5.2 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/releases/tag/v3.5.2 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "643A27EB-FF84-4B1D-8FD1-A6CFA877D23C", versionEndExcluding: "3.5.2", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Helm is open-source software which is essentially \"The Kubernetes Package Manager\". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used \"as is\" without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.", }, { lang: "es", value: "\"Helm es un software de código abierto que es esencialmente \"\"The Kubernetes Package Manager\"\". Helm es una herramienta para gestionar Gráficos. Los Gráficos son paquetes de recursos Kubernetes preconfigurados. En Helm versiones desde 3.0 y anteriores a 3.5.2, había algunos casos en los que los datos cargados desde fuentes potencialmente no confiables no eran saneados apropiadamente. Cuando un SemVer en el campo \"\"version\"\" de un gráfico no es válido, en algunos casos Helm permite que la cadena sea usada \"\"as is\"\" sin sanearla. Helm no sanea apropiadamente algunos campos presentes en los archivos \"\"index.yaml\"\" del repositorio Helm. Helm no sanea correctamente algunos campos del fichero \"\"plugin.yaml\"\" para los plugins En algunos casos, Helm no sanea apropiadamente los campos del fichero \"\"Chart.yaml\"\". Al explotar estos vectores de ataque, los mantenedores principales fueron capaces de enviar información engañosa a una pantalla de terminal que ejecutaba el comando \"\"helm\"\", así como oscurecer o alterar la información en la pantalla. En algunos casos, podíamos enviar códigos que los terminales usaban para ejecutar lógica de orden superior, como borrar la pantalla de un terminal. Además, durante la evaluación, los mantenedores de Helm detectaron algunos otros campos que no estaban apropiadamente saneados cuando se leían desde los archivos de índice del repositorio. Esta corrección remedia todos estos casos, y una vez más aplica las políticas de SemVer2 en los campos version. Todos los usuarios de Helm 3 deberían actualizar a la versión corregida 3.5.2 o posterior. Aquellos que usen Helm como una biblioteca deberían verificar que sanean estos datos por su cuenta, o que usan las llamadas apropiadas a la API de Helm para sanear los datos", }, ], id: "CVE-2021-21303", lastModified: "2024-11-21T05:47:58.833", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-05T22:15:12.640", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/helm/helm/releases/tag/v3.5.2", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/helm/helm/releases/tag/v3.5.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-15 19:15
Modified
2024-11-21 06:48
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_ functions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "135AAD77-267A-4119-877F-60195A002775", versionEndExcluding: "3.10.3", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_ functions.", }, { lang: "es", value: "Helm es una herramienta para gestionar gráficos, recursos de Kubernetes preconfigurados. Las versiones anteriores a la 3.10.3 están sujetas a la desreferencia de puntero NULL en el _repo_package. El _repo_package contiene un controlador que procesa el archivo de índice de un repositorio. Por ejemplo, el cliente Helm agrega referencias a repositorios de gráficos donde se administran los gráficos. El _repo_package analiza el archivo de índice del repositorio y lo carga en estructuras con las que Go puede trabajar. Algunos archivos de índice pueden provocar la creación de estructuras de datos de matriz, lo que provoca una violación de la memoria. Las aplicaciones que utilizan el _repo_package en el SDK de Helm para analizar un archivo de índice pueden sufrir una Denegación de Servicio (DoS) cuando esa entrada provoca un pánico del que no se puede recuperar. El cliente Helm entrará en pánico con un archivo de índice que provocará una violación de memoria. Helm no es un servicio de larga duración, por lo que el pánico no afectará los usos futuros del cliente Helm. Este problema se solucionó en 3.10.3. Los usuarios del SDK pueden validar los archivos de índice que estén formateados correctamente antes de pasarlos a las funciones _repo_.", }, ], id: "CVE-2022-23525", lastModified: "2024-11-21T06:48:44.937", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-15T19:15:17.027", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-17 22:15
Modified
2024-11-21 05:05
Severity ?
3.0 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Summary
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "455BCCE5-1D43-4E59-9591-E84B52DAAF0B", versionEndExcluding: "2.16.11", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "B462D769-3FC0-4079-8B48-863F013662EF", versionEndExcluding: "3.3.2", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.", }, { lang: "es", value: "En Helm versiones anteriores a 2.16.11 y 3.3.2, un plugin de Helm puede contener duplicados de la misma entrada, y siempre se usa la última. Si un plugin está comprometido, esto reduce el nivel de acceso que un atacante necesita para modificar los hooks de instalación de un plugin, causando un ataque de ejecución local. Para llevar a cabo este ataque, un atacante necesita tener acceso de escritura al repositorio de git o al archivo de plugins (.tgz) mientras está siendo descargado (lo que puede ocurrir durante un ataque de tipo MITM en una conexión no SSL). Este problema ha sido corregido en Helm versión 2.16.11 y Helm versión 3.3.2. Como posible solución, asegúrese de instalar plugins usando un protocolo de conexión seguro como SSL", }, ], id: "CVE-2020-15187", lastModified: "2024-11-21T05:05:02.123", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-17T22:15:12.647", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, { lang: "en", value: "CWE-694", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-17 22:15
Modified
2024-11-21 05:05
Severity ?
3.4 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Summary
In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm --help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/helm/helm/commit/809e2d999e2c33e20e77f6bff30652d79c287542 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/helm/helm/security/advisories/GHSA-m54r-vrmv-hw33 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/commit/809e2d999e2c33e20e77f6bff30652d79c287542 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/security/advisories/GHSA-m54r-vrmv-hw33 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "455BCCE5-1D43-4E59-9591-E84B52DAAF0B", versionEndExcluding: "2.16.11", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "B462D769-3FC0-4079-8B48-863F013662EF", versionEndExcluding: "3.3.2", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm --help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range.", }, { lang: "es", value: "En Helm versiones anteriores a 2.16.11 y 3.3.2, los nombres de los plugins no son saneados apropiadamente. Como resultado, un autor de plugin malicioso podría usar caracteres en un nombre de plugin que resultaría en un comportamiento inesperado, como duplicar el nombre de otro plugin o falsificar la salida en \"helm --help\". Este problema ha sido corregido en Helm versión 3.3.2. Una posible solución es no instalar plugins de Helm que no son de confianza. Examine el campo \"name\" en el archivo \"plugin.yaml\" en busca de un plugin, buscando caracteres fuera del rango [a-zA-Z0-9 ._-]", }, ], id: "CVE-2020-15186", lastModified: "2024-11-21T05:05:01.987", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.4, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-17T22:15:12.520", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/809e2d999e2c33e20e77f6bff30652d79c287542", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-m54r-vrmv-hw33", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/809e2d999e2c33e20e77f6bff30652d79c287542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-m54r-vrmv-hw33", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-16 22:15
Modified
2024-11-21 06:07
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This issue has been resolved in 3.6.1. There is a workaround through which one may check for improperly passed credentials. One may use a username and password for a Helm repository and may audit the Helm repository in order to check for another domain being used that could have received the credentials. In the `index.yaml` file for that repository, one may look for another domain in the `urls` list for the chart versions. If there is another domain found and that chart version was pulled or installed, the credentials would be passed on.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/helm/helm/releases/tag/v3.6.1 | Third Party Advisory | |
| security-advisories@github.com | https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/releases/tag/v3.6.1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "415DB92F-620D-4399-A9BB-0FF0BBF1F942", versionEndExcluding: "3.6.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This issue has been resolved in 3.6.1. There is a workaround through which one may check for improperly passed credentials. One may use a username and password for a Helm repository and may audit the Helm repository in order to check for another domain being used that could have received the credentials. In the `index.yaml` file for that repository, one may look for another domain in the `urls` list for the chart versions. If there is another domain found and that chart version was pulled or installed, the credentials would be passed on.", }, { lang: "es", value: "Helm es una herramienta para gestionar Charts (paquetes de recursos Kubernetes preconfigurados). En versiones de Helm anteriores a 3.6.1, se presenta una vulnerabilidad en la que las credenciales de nombre de usuario y contraseña asociadas a un repositorio de Helm podrían ser pasadas a otro dominio referenciado por ese repositorio de Helm. Este problema ha sido resuelto en versión 3.6.1. Se presenta una solución que permite comprobar credenciales pasadas inapropiadamente. Puede usar un nombre de usuario y una contraseña para un repositorio Helm y puede auditar el repositorio Helm para comprobar si se está utilizando otro dominio que podría haber recibido las credenciales. En el archivo \"index.yaml\" para ese repositorio, uno puede buscar otro dominio en la lista de \"urls\" para las versiones del gráfico. Si se encuentra otro dominio y esa versión del gráfico fue extraída o instalada, las credenciales se pasarían", }, ], id: "CVE-2021-32690", lastModified: "2024-11-21T06:07:32.377", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-16T22:15:07.737", references: [ { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/releases/tag/v3.6.1", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/releases/tag/v3.6.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-17 22:15
Modified
2024-11-21 05:05
Severity ?
2.2 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Summary
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "455BCCE5-1D43-4E59-9591-E84B52DAAF0B", versionEndExcluding: "2.16.11", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "B462D769-3FC0-4079-8B48-863F013662EF", versionEndExcluding: "3.3.2", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software.", }, { lang: "es", value: "En Helm versiones anteriores a 2.16.11 y 3.3.2, un repositorio de Helm puede contener duplicados del mismo gráfico, y siempre se usa el último. Si un repositorio está comprometido, esto reduce el nivel de acceso que necesita un atacante para inyectar un gráfico incorrecto en un repositorio. Para llevar a cabo este ataque, un atacante necesita tener acceso de escritura al archivo de index (lo que puede ocurrir durante un ataque MITM en una conexión no SSL). Este problema ha sido corregido en Helm versiones 3.3.2 y 2.16.11. Una posible solución es revisar manualmente el archivo index en la caché del repositorio de Helm antes de instalar el software", }, ], id: "CVE-2020-15185", lastModified: "2024-11-21T05:05:01.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.2, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-17T22:15:12.443", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, { lang: "en", value: "CWE-694", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-17 21:15
Modified
2024-11-21 04:18
Severity ?
Summary
helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| josh@bress.net | https://github.com/helm/helm/pull/3152 | Patch, Third Party Advisory | |
| josh@bress.net | https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50 | Patch, Third Party Advisory | |
| josh@bress.net | https://github.com/helm/helm/releases/tag/v2.7.2 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/pull/3152 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/releases/tag/v2.7.2 | Release Notes, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "FD7D397E-0D6D-474F-854B-4989F47C5E86", versionEndExcluding: "2.7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2.", }, { lang: "es", value: "helm anterior a versión 2.7.2, está afectado por: CWE-295: Comprobación de Certificado Inapropiado. El impacto es: Los clientes no autorizados podrían conectarse al servidor porque alegaron certificados de cliente autofirmados. El componente es: helm (muchos archivos actualizados, vea https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). El vector de ataque es: Un cliente malicioso podría conectarse al servidor por medio de la red. La versión corregida es: 2.7.2.", }, ], id: "CVE-2019-1010275", lastModified: "2024-11-21T04:18:07.023", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-17T21:15:10.953", references: [ { source: "josh@bress.net", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/pull/3152", }, { source: "josh@bress.net", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50", }, { source: "josh@bress.net", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/helm/helm/releases/tag/v2.7.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/pull/3152", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/helm/helm/releases/tag/v2.7.2", }, ], sourceIdentifier: "josh@bress.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "josh@bress.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-15 19:15
Modified
2024-11-21 06:48
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "135AAD77-267A-4119-877F-60195A002775", versionEndExcluding: "3.10.3", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions.", }, { lang: "es", value: "Helm es una herramienta para gestionar Charts, recursos de Kubernetes preconfigurados. Las versiones anteriores a la 3.10.3 están sujetas a la desreferencia del puntero NULL en the_chartutil_ package, lo que puede provocar una infracción de segmentación. El paquete _chartutil_ contiene un analizador que carga un archivo de validación de JSON Schema. Por ejemplo, el cliente Helm, al representar un chart, validará sus valores con el archivo de schema. El paquete _chartutil_ analiza el archivo de schema y lo carga en estructuras con las que Go puede trabajar. Algunos archivos de schema pueden provocar la creación de estructuras de datos de matriz, lo que provoca una violación de la memoria. Las aplicaciones que utilizan el paquete _chartutil_ en Helm SDK para analizar un archivo de schema pueden sufrir una Denegación de Servicio (DoS) cuando esa entrada provoca un pánico del que no se puede recuperar. Helm no es un servicio de larga duración, por lo que el pánico no afectará los usos futuros del cliente Helm. Este problema se solucionó en 3.10.3. Los usuarios del SDK pueden validar archivos de schema que estén formateados correctamente antes de pasarlos a las funciones _chartutil_.", }, ], id: "CVE-2022-23526", lastModified: "2024-11-21T06:48:45.063", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-15T19:15:17.167", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-01 13:15
Modified
2024-11-21 07:12
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings in to Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `--set`, `--set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/helm/helm/releases/tag/v3.9.4 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/releases/tag/v3.9.4 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "CF12F100-CF74-44E7-9CA3-587E32370849", versionEndExcluding: "3.9.4", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings in to Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `--set`, `--set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.", }, { lang: "es", value: "Helm es una herramienta para administrar Charts. Los Charts son paquetes de recursos Kubernetes preconfigurados. Las pruebas Fuzz, proporcionadas por el CNCF, identificaron la entrada de funciones en el paquete _strvals_ que pueden causar un pánico de memoria. El paquete _strvals_ contiene un analizador que convierte las cadenas en estructuras Go. El paquete _strvals_ convierte estas cadenas en estructuras con las que Go puede trabajar. Algunas entradas de cadenas pueden causar la creación de estructuras de datos de array causando un pánico de memoria. Las aplicaciones que usan el paquete _strvals_ en el SDK de Helm para analizar la entrada suministrada por el usuario pueden sufrir una Denegación de Servicio cuando esa entrada causa un pánico del que no puede recuperarse. El cliente de Helm entrará en pánico con la entrada de \"--set\", \"--set-string\", y otros flags de configuración de valores que causan un pánico de memoria. Helm no es un servicio de larga duración, por lo que el pánico no afectará a futuros usos del cliente Helm. Este problema ha sido resuelto en versión 3.9.4. Los usuarios del SDK pueden comprender que las cadenas suministradas por los usuarios no crearán matrices grandes que causen un uso significativo de la memoria antes de pasarlas a las funciones _strvals_", }, ], id: "CVE-2022-36055", lastModified: "2024-11-21T07:12:16.797", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-01T13:15:08.930", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/helm/helm/releases/tag/v3.9.4", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/helm/helm/releases/tag/v3.9.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-16 22:15
Modified
2024-11-21 05:32
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "F90E5468-5EE9-4943-ACCF-2E1F6BC013ED", versionEndExcluding: "3.2.4", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.", }, { lang: "es", value: "En Helm versiones superiores o iguales a 3.0.0 y menores a 3.2.4, es posible un ataque de salto de ruta al instalar plugins de Helm desde un archivo tar por medio de HTTP. Es posible que un autor de plugin malicioso inyecte una ruta relativa en un archivo de plugin y copie un archivo fuera del directorio previsto. Esto se ha corregido en la versión 3.2.4", }, ], id: "CVE-2020-4053", lastModified: "2024-11-21T05:32:13.927", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 8.5, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 2.5, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-16T22:15:10.597", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/helm/helm/releases/tag/v3.2.4", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/helm/helm/releases/tag/v3.2.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-17 21:15
Modified
2024-11-21 05:05
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Summary
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/helm/helm/commit/e7c281564d8306e1dcf8023d97f972449ad74850 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/helm/helm/security/advisories/GHSA-9vp5-m38w-j776 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/commit/e7c281564d8306e1dcf8023d97f972449ad74850 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/helm/helm/security/advisories/GHSA-9vp5-m38w-j776 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "455BCCE5-1D43-4E59-9591-E84B52DAAF0B", versionEndExcluding: "2.16.11", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "B462D769-3FC0-4079-8B48-863F013662EF", versionEndExcluding: "3.3.2", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters.", }, { lang: "es", value: "En Helm versiones anteriores a 2.16.11 y 3.3.2, se presenta un error en el que el campo \"alias\" en un archivo \"Chart.yaml\" no es saneado apropiadamente. Esto podría conllevar a la inyección de información no deseada en un gráfico. Este problema ha sido corregido en Helm versiones 3.3.2 y 2.16.11. Una posible solución es revisar manualmente que el campo \"dependencies\" de cualquier gráfico no sea de confianza, verificando que el campo \"alias\" no sea usado o (si se utiliza) no contenga nuevas líneas o caracteres de ruta", }, ], id: "CVE-2020-15184", lastModified: "2024-11-21T05:05:01.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-17T21:15:17.550", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/e7c281564d8306e1dcf8023d97f972449ad74850", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-9vp5-m38w-j776", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/helm/helm/commit/e7c281564d8306e1dcf8023d97f972449ad74850", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-9vp5-m38w-j776", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-15 19:15
Modified
2024-11-21 06:48
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", matchCriteriaId: "135AAD77-267A-4119-877F-60195A002775", versionEndExcluding: "3.10.3", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.", }, { lang: "es", value: "Helm es una herramienta para gestionar gráficos, recursos de Kubernetes preconfigurados. Las versiones anteriores a la 3.10.3 están sujetas a un consumo incontrolado de recursos, lo que resulta en una Denegación de Servicio (DoS). La entrada a funciones en _strvals_ package puede provocar un desbordamiento de la pila. En Go, no se puede recuperar un desbordamiento de pila. Las aplicaciones que usan funciones de _strvals_ package en Helm SDK pueden sufrir un ataque de Denegación de Servicio (DoS) cuando usan este paquete y entran en pánico. Este problema se solucionó en 3.10.3. Los usuarios del SDK pueden validar que las cadenas proporcionadas por los usuarios no creen matrices grandes que provoquen un uso significativo de la memoria antes de pasarlas a las _strvals_ functions.", }, ], id: "CVE-2022-23524", lastModified: "2024-11-21T06:48:44.807", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-15T19:15:16.863", references: [ { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }