GHSA-xrxm-mvqm-r553

Опубликовано: 14 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Helm Path Traversal

All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands helm fetch --untar and helm lint some.tgz that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2.

Ссылки

Пакеты

Наименование

helm.sh/helm

Затронутые версииВерсия исправления

>= 2.0.0, < 2.12.2

2.12.2

EPSS

Процентиль: 45%

0.0023

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2019-1000008

Дефекты

CWE-22

Связанные уязвимости

CVE-2019-1000008

CVSS3: 6.5

nvd

около 7 лет назад

All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result when chart archive files are unpacked a file may be unpacked outside of the target directory. This attack appears to be exploitable via a victim must run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2.

CVE-2019-1000008

CVSS3: 6.5

debian

около 7 лет назад

All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE- ...

BDU:2020-04871

CVSS3: 6.5

fstec

около 7 лет назад

Уязвимость пакетного менеджера Helm, существующая из-за неверного ограничения имени пути к каталогу с ограниченным доступом, позволяющая нарушителю выполнить распаковку файлов архива диаграмм за пределами целевого каталога

EPSS

Процентиль: 45%

0.0023

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2019-1000008

Дефекты

CWE-22