logo

Database

Insecure session management In helm.sh/helm/v3

Description

Helm Unsafe Link Following In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-186582. NVD-2019-186583. OSV-2019-186584. GHSA-p5pc-m4q7-7qm95. GCVE-2019-18658

References

1. https://helm.sh/blog/2019-10-30-helm-symlink-security-notice/2. https://helm.sh/blog/2019-10-30-helm-symlink-security-notice

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-NTQIJ – Vulnerability | Fluid Attacks Database