Bitnami package
helm
pkg:bitnami/helm
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15185 | — |  |  | >= 2.0.0, < 2.16.11 | 2.16.11 | Sep 17, 2020 | In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this at |
| CVE-2020-15184 | — |  |  | >= 2.0.0, < 2.16.11 | 2.16.11 | Sep 17, 2020 | In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is |
| CVE-2020-4053 | — |  |  | >= 3.0.0, < 3.2.4 | 3.2.4 | Jun 16, 2020 | In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the |
| CVE-2020-11013 | — |  |  | >= 3.1.0, < 3.2.0 | 3.2.0 | Apr 24, 2020 | There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about t |
Page 2 of 2