CVE-2020-4053 - Unspecified vulnerability in Helm
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.
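An added example (not Helm's code and not the upstream fix) of a pre-extraction check for the relative-path problem described above: it reads a tar stream and reports entries that would be written outside the destination directory. The names `securePath`, `escapingEntries` and `sampleArchive`, and the path `/tmp/plugins/demo`, are hypothetical; the check also rejects absolute entry names, which goes beyond the case in the summary, and it does not inspect symlink targets.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// securePath maps an entry name under dest; absolute names and names that resolve outside dest are errors.
func securePath(dest, name string) (string, error) {
	target := filepath.Join(dest, name) // Join also cleans "a/../.." style names
	rel, err := filepath.Rel(dest, target)
	if err != nil || filepath.IsAbs(name) || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q escapes %q", name, dest)
	}
	return target, nil
}

// escapingEntries lists entries that would land outside dest. It extracts nothing.
func escapingEntries(r io.Reader, dest string) ([]string, error) {
	var bad []string
	tr := tar.NewReader(r)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if hdr == nil { // read error; Go may return hdr plus ErrInsecurePath, which we re-check ourselves
			return bad, err
		}
		if _, e := securePath(dest, hdr.Name); e != nil {
			bad = append(bad, hdr.Name)
		}
	}
	return bad, nil
}

// sampleArchive builds a constructed in-memory tar of empty files.
func sampleArchive(names ...string) io.Reader {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, n := range names {
		tw.WriteHeader(&tar.Header{Name: n, Mode: 0644})
	}
	tw.Close()
	return &buf
}

func main() {
	fmt.Println(escapingEntries(sampleArchive("plugin.yaml", "../../outside.txt"), "/tmp/plugins/demo"))
}
```

An extractor would call `securePath` on every entry and abort on the first error instead of only listing offenders.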
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 27 |
References
- https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688
- https://github.com/helm/helm/releases/tag/v3.2.4
- https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f