Vulnerabilities > Helm

DATE CVE VULNERABILITY TITLE RISK
2020-09-17 CVE-2020-15185 Unspecified vulnerability in Helm
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used.
network
low complexity
helm
2.7
2020-09-17 CVE-2020-15184 Injection vulnerability in Helm
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized.
network
low complexity
helm CWE-74
2.7
2020-06-16 CVE-2020-4053 Unspecified vulnerability in Helm
In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP.
network
low complexity
helm
6.8
2020-04-24 CVE-2020-11013 Information Exposure vulnerability in Helm
Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0.
network
low complexity
helm CWE-200
5.0
2019-11-12 CVE-2019-18658 Link Following vulnerability in Helm
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks.
network
low complexity
helm CWE-59
critical
9.8
2019-07-17 CVE-2019-1010275 Improper Certificate Validation vulnerability in Helm
helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation.
network
low complexity
helm CWE-295
critical
9.8
2019-02-04 CVE-2019-1000009 Path Traversal vulnerability in Helm Chartmuseum
Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location.
network
low complexity
helm CWE-22
6.5
2019-02-04 CVE-2019-1000008 Path Traversal vulnerability in Helm
All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory.
network
low complexity
helm CWE-22
6.5