cvelistv5 - cve-2020-4053

CVE-2020-4053 (GCVE-0-2020-4053)

Vulnerability from cvelistv5 – Published: 2020-06-16 22:00 – Updated: 2024-08-04 07:52

Summary

In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.

Severity ?

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/helm/helm/security/advisories/…	x_refsource_CONFIRM
	https://github.com/helm/helm/commit/0ad800ef43d3b…	x_refsource_MISC
	https://github.com/helm/helm/releases/tag/v3.2.4	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	The Helm Project	Helm	Affected: >= 3.0.0, < 3.2.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:52:20.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/helm/helm/releases/tag/v3.2.4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Helm",
          "vendor": "The Helm Project",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.2.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-16T22:00:19",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/helm/helm/releases/tag/v3.2.4"
        }
      ],
      "source": {
        "advisory": "GHSA-qq3j-xp49-j73f",
        "discovery": "UNKNOWN"
      },
      "title": "Path Traversal in Helm Plugin Archive",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-4053",
          "STATE": "PUBLIC",
          "TITLE": "Path Traversal in Helm Plugin Archive"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Helm",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 3.0.0, \u003c 3.2.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Helm Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f",
              "refsource": "CONFIRM",
              "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"
            },
            {
              "name": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688",
              "refsource": "MISC",
              "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"
            },
            {
              "name": "https://github.com/helm/helm/releases/tag/v3.2.4",
              "refsource": "MISC",
              "url": "https://github.com/helm/helm/releases/tag/v3.2.4"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-qq3j-xp49-j73f",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-4053",
    "datePublished": "2020-06-16T22:00:19",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-08-04T07:52:20.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndExcluding\": \"3.2.4\", \"matchCriteriaId\": \"F90E5468-5EE9-4943-ACCF-2E1F6BC013ED\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.\"}, {\"lang\": \"es\", \"value\": \"En Helm versiones superiores o iguales a 3.0.0 y menores a 3.2.4, es posible un ataque de salto de ruta al instalar plugins de Helm desde un archivo tar por medio de HTTP. Es posible que un autor de plugin malicioso inyecte una ruta relativa en un archivo de plugin y copie un archivo fuera del directorio previsto. Esto se ha corregido en la versi\\u00f3n 3.2.4\"}]",
      "id": "CVE-2020-4053",
      "lastModified": "2024-11-21T05:32:13.927",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:C/I:C/A:C\", \"baseScore\": 8.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 6.8, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-06-16T22:15:10.597",
      "references": "[{\"url\": \"https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/helm/helm/releases/tag/v3.2.4\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/helm/helm/releases/tag/v3.2.4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-4053\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-06-16T22:15:10.597\",\"lastModified\":\"2024-11-21T05:32:13.927\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.\"},{\"lang\":\"es\",\"value\":\"En Helm versiones superiores o iguales a 3.0.0 y menores a 3.2.4, es posible un ataque de salto de ruta al instalar plugins de Helm desde un archivo tar por medio de HTTP. Es posible que un autor de plugin malicioso inyecte una ruta relativa en un archivo de plugin y copie un archivo fuera del directorio previsto. Esto se ha corregido en la versi\u00f3n 3.2.4\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:C/I:C/A:C\",\"baseScore\":8.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.8,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.2.4\",\"matchCriteriaId\":\"F90E5468-5EE9-4943-ACCF-2E1F6BC013ED\"}]}]}],\"references\":[{\"url\":\"https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/helm/helm/releases/tag/v3.2.4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/helm/helm/releases/tag/v3.2.4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2020-4053

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-4053

Aliases

CVE-2020-4053

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-4053",
    "description": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.",
    "id": "GSD-2020-4053",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-4053.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-4053"
      ],
      "details": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.",
      "id": "GSD-2020-4053",
      "modified": "2023-12-13T01:21:48.278666Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-4053",
        "STATE": "PUBLIC",
        "TITLE": "Path Traversal in Helm Plugin Archive"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Helm",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e= 3.0.0, \u003c 3.2.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "The Helm Project"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f",
            "refsource": "CONFIRM",
            "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"
          },
          {
            "name": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688",
            "refsource": "MISC",
            "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"
          },
          {
            "name": "https://github.com/helm/helm/releases/tag/v3.2.4",
            "refsource": "MISC",
            "url": "https://github.com/helm/helm/releases/tag/v3.2.4"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-qq3j-xp49-j73f",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=3.0.0 \u003c3.2.4",
          "affected_versions": "All versions starting from 3.0.0 before 3.2.4",
          "cvss_v2": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2021-06-23",
          "description": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.",
          "fixed_versions": [
            "3.2.4"
          ],
          "identifier": "CVE-2020-4053",
          "identifiers": [
            "GHSA-qq3j-xp49-j73f",
            "CVE-2020-4053"
          ],
          "not_impacted": "All versions before 3.0.0, all versions starting from 3.2.4",
          "package_slug": "go/helm.sh/helm/v3/pkg/plugin/installer",
          "pubdate": "2021-06-23",
          "solution": "Upgrade to version 3.2.4 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-4053",
            "https://github.com/helm/helm/pull/8317",
            "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688",
            "https://github.com/helm/helm/commit/b6bbe4f08bbb98eadd6c9cd726b08a5c639908b3",
            "https://github.com/helm/helm/releases/tag/v3.2.4",
            "https://github.com/advisories/GHSA-qq3j-xp49-j73f"
          ],
          "uuid": "ad293f33-67f2-43b9-9ec9-05a3d59a61f4"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F90E5468-5EE9-4943-ACCF-2E1F6BC013ED",
                    "versionEndExcluding": "3.2.4",
                    "versionStartIncluding": "3.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4."
          },
          {
            "lang": "es",
            "value": "En Helm versiones superiores o iguales a 3.0.0 y menores a 3.2.4, es posible un ataque de salto de ruta al instalar plugins de Helm desde un archivo tar por medio de HTTP. Es posible que un autor de plugin malicioso inyecte una ruta relativa en un archivo de plugin y copie un archivo fuera del directorio previsto. Esto se ha corregido en la versi\u00f3n 3.2.4"
          }
        ],
        "id": "CVE-2020-4053",
        "lastModified": "2024-02-08T02:11:32.513",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 6.8,
              "impactScore": 10.0,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 0.9,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.2,
              "impactScore": 2.5,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2020-06-16T22:15:10.597",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Patch"
            ],
            "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Release Notes"
            ],
            "url": "https://github.com/helm/helm/releases/tag/v3.2.4"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-22"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

CNVD-2020-52695

Vulnerability from cnvd - Published: 2020-09-18

Title

helm路径遍历漏洞

Description

helm是一款Kubernetes包管理器。 helm 3.0.0及之后版本（3.2.4版本已修复）中存在路径遍历漏洞。攻击者可通过发送在‘path’参数中包含‘/../’序列的tar文件利用该漏洞覆盖系统上的任意文件。

Severity

高

Patch Name

helm路径遍历漏洞的补丁

Patch Description

helm是一款Kubernetes包管理器。 helm 3.0.0及之后版本（3.2.4版本已修复）中存在路径遍历漏洞。攻击者可通过发送在‘path’参数中包含‘/../’序列的tar文件利用该漏洞覆盖系统上的任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/helm/helm/releases/tag/v3.2.4

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-4053

Impacted products

Name
helm helm >=3.0.0，<3.2.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-4053"
    }
  },
  "description": "helm\u662f\u4e00\u6b3eKubernetes\u5305\u7ba1\u7406\u5668\u3002\n\nhelm 3.0.0\u53ca\u4e4b\u540e\u7248\u672c\uff083.2.4\u7248\u672c\u5df2\u4fee\u590d\uff09\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5728\u2018path\u2019\u53c2\u6570\u4e2d\u5305\u542b\u2018/../\u2019\u5e8f\u5217\u7684tar\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/helm/helm/releases/tag/v3.2.4",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-52695",
  "openTime": "2020-09-18",
  "patchDescription": "helm\u662f\u4e00\u6b3eKubernetes\u5305\u7ba1\u7406\u5668\u3002\r\n\r\nhelm 3.0.0\u53ca\u4e4b\u540e\u7248\u672c\uff083.2.4\u7248\u672c\u5df2\u4fee\u590d\uff09\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5728\u2018path\u2019\u53c2\u6570\u4e2d\u5305\u542b\u2018/../\u2019\u5e8f\u5217\u7684tar\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "helm\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "helm helm \u003e=3.0.0\uff0c\u003c3.2.4"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-4053",
  "serverity": "\u9ad8",
  "submitTime": "2020-06-17",
  "title": "helm\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

FKIE_CVE-2020-4053

Vulnerability from fkie_nvd - Published: 2020-06-16 22:15 - Updated: 2024-11-21 05:32

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688	Patch
security-advisories@github.com	https://github.com/helm/helm/releases/tag/v3.2.4	Release Notes
security-advisories@github.com	https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/helm/helm/releases/tag/v3.2.4	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f	Vendor Advisory

Impacted products

	Vendor	Product	Version
	helm	helm	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F90E5468-5EE9-4943-ACCF-2E1F6BC013ED",
              "versionEndExcluding": "3.2.4",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4."
    },
    {
      "lang": "es",
      "value": "En Helm versiones superiores o iguales a 3.0.0 y menores a 3.2.4, es posible un ataque de salto de ruta al instalar plugins de Helm desde un archivo tar por medio de HTTP. Es posible que un autor de plugin malicioso inyecte una ruta relativa en un archivo de plugin y copie un archivo fuera del directorio previsto. Esto se ha corregido en la versi\u00f3n 3.2.4"
    }
  ],
  "id": "CVE-2020-4053",
  "lastModified": "2024-11-21T05:32:13.927",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-16T22:15:10.597",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/helm/helm/releases/tag/v3.2.4"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/helm/helm/releases/tag/v3.2.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-QQ3J-XP49-J73F

Vulnerability from github – Published: 2021-06-23 18:14 – Updated: 2024-02-13 16:33

Summary

Plugin archive directory traversal in Helm

Details

The Helm core maintainers have identified an information disclosure vulnerability in Helm 3.0.0-3.2.3.

Impact

A traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory.

Traversal Attacks are a form of a Directory Traversal that can be exploited by extracting files from an archive. The premise of the Directory Traversal vulnerability is that an attacker can gain access to parts of the file system outside of the target folder in which they should reside. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving Remote Command Execution on the victim's machine. The vulnerability can also cause damage by overwriting configuration files or other sensitive resources, and can be exploited on both client (user) machines and servers.

https://snyk.io/research/zip-slip-vulnerability

Specific Go Packages Affected

helm.sh/helm/v3/pkg/plugin/installer

Patches

This issue has been fixed in Helm 3.2.4

For more information

If you have any questions or comments about this advisory: * Open an issue in the Helm repository * For security-specific issues, email us at cncf-helm-security@lists.cncf.io

Severity ?

3.7 (Low)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "helm.sh/helm/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-4053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-24T20:57:17Z",
    "nvd_published_at": "2020-06-16T22:15:10Z",
    "severity": "LOW"
  },
  "details": "The Helm core maintainers have identified an information disclosure\nvulnerability in Helm 3.0.0-3.2.3. \n\n### Impact\n\nA traversal attack is possible when installing Helm plugins from a tar\narchive over HTTP.  It is possible for a malicious plugin author to inject a relative\npath into a plugin archive, and copy a file outside of the intended directory.\n\nTraversal Attacks are a form of a Directory Traversal that can be exploited by\nextracting files from an archive. The premise of the Directory Traversal\nvulnerability is that an attacker can gain access to parts of the file system\noutside of the target folder in which they should reside. The attacker can\nthen overwrite executable files and either invoke them remotely or wait for\nthe system or user to call them, thus achieving Remote Command Execution on\nthe victim\u0027s machine. The vulnerability can also cause damage by overwriting\nconfiguration files or other sensitive resources, and can be exploited on both\nclient (user) machines and servers.\n\nhttps://snyk.io/research/zip-slip-vulnerability\n\n### Specific Go Packages Affected\nhelm.sh/helm/v3/pkg/plugin/installer\n\n### Patches\n\nThis issue has been fixed in Helm 3.2.4 \n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the Helm repository](https://github.com/helm/helm/issues)\n* For security-specific issues, email us at [cncf-helm-security@lists.cncf.io](mailto:cncf-helm-security@lists.cncf.io)",
  "id": "GHSA-qq3j-xp49-j73f",
  "modified": "2024-02-13T16:33:08Z",
  "published": "2021-06-23T18:14:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4053"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/pull/8317"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/b6bbe4f08bbb98eadd6c9cd726b08a5c639908b3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/releases/tag/v3.2.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Plugin archive directory traversal in Helm"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-4053 (GCVE-0-2020-4053)

GSD-2020-4053

CNVD-2020-52695

FKIE_CVE-2020-4053

GHSA-QQ3J-XP49-J73F

Impact

Specific Go Packages Affected

Patches

For more information

Tags

Sightings

Nomenclature