ghsa-qq3j-xp49-j73f
Vulnerability from github
Published
2021-06-23 18:14
Modified
2024-02-13 16:33
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
Plugin archive directory traversal in Helm
Details

The Helm core maintainers have identified an information disclosure vulnerability in Helm 3.0.0-3.2.3.

Impact

A traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory.

Traversal Attacks are a form of a Directory Traversal that can be exploited by extracting files from an archive. The premise of the Directory Traversal vulnerability is that an attacker can gain access to parts of the file system outside of the target folder in which they should reside. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving Remote Command Execution on the victim's machine. The vulnerability can also cause damage by overwriting configuration files or other sensitive resources, and can be exploited on both client (user) machines and servers.

https://snyk.io/research/zip-slip-vulnerability

Specific Go Packages Affected

helm.sh/helm/v3/pkg/plugin/installer

Patches

This issue has been fixed in Helm 3.2.4

For more information

If you have any questions or comments about this advisory: * Open an issue in the Helm repository * For security-specific issues, email us at cncf-helm-security@lists.cncf.io

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "helm.sh/helm/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-4053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-24T20:57:17Z",
    "nvd_published_at": "2020-06-16T22:15:10Z",
    "severity": "LOW"
  },
  "details": "The Helm core maintainers have identified an information disclosure\nvulnerability in Helm 3.0.0-3.2.3. \n\n### Impact\n\nA traversal attack is possible when installing Helm plugins from a tar\narchive over HTTP.  It is possible for a malicious plugin author to inject a relative\npath into a plugin archive, and copy a file outside of the intended directory.\n\nTraversal Attacks are a form of a Directory Traversal that can be exploited by\nextracting files from an archive. The premise of the Directory Traversal\nvulnerability is that an attacker can gain access to parts of the file system\noutside of the target folder in which they should reside. The attacker can\nthen overwrite executable files and either invoke them remotely or wait for\nthe system or user to call them, thus achieving Remote Command Execution on\nthe victim\u0027s machine. The vulnerability can also cause damage by overwriting\nconfiguration files or other sensitive resources, and can be exploited on both\nclient (user) machines and servers.\n\nhttps://snyk.io/research/zip-slip-vulnerability\n\n### Specific Go Packages Affected\nhelm.sh/helm/v3/pkg/plugin/installer\n\n### Patches\n\nThis issue has been fixed in Helm 3.2.4 \n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the Helm repository](https://github.com/helm/helm/issues)\n* For security-specific issues, email us at [cncf-helm-security@lists.cncf.io](mailto:cncf-helm-security@lists.cncf.io)",
  "id": "GHSA-qq3j-xp49-j73f",
  "modified": "2024-02-13T16:33:08Z",
  "published": "2021-06-23T18:14:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4053"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/pull/8317"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/b6bbe4f08bbb98eadd6c9cd726b08a5c639908b3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/releases/tag/v3.2.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Plugin archive directory traversal in Helm"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.