Description
In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.
A flaw was found in the Helm plugin installation, where it was vulnerable to path traversal attacks. This flaw allows an attacker to create specially crafted plugin archives to create files outside of the plugin directory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
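A defensive check for the flaw described above, as an added example (not Helm's own code and not its actual fix): each tar entry name is resolved under the destination directory and refused if it is absolute or escapes that directory. The names `safeJoin`, `rejectedEntries`, `sampleArchive` and the path `/tmp/plugins/demo` are hypothetical, and the archive is constructed in memory.

```go
package main
import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// safeJoin resolves a tar entry name under dest; absolute or escaping names are refused.
func safeJoin(dest, name string) (string, error) {
	root := filepath.Clean(dest) + string(filepath.Separator)
	target := filepath.Join(dest, name) // Join cleans ".." segments
	if filepath.IsAbs(name) || strings.HasPrefix(name, "/") || !strings.HasPrefix(target+string(filepath.Separator), root) {
		return "", fmt.Errorf("unsafe archive entry %q for %s", name, dest)
	}
	return target, nil
}

// rejectedEntries lists the entry names safeJoin refuses; an extractor would abort instead.
func rejectedEntries(r io.Reader, dest string) ([]string, error) {
	var bad []string
	for tr := tar.NewReader(r); ; {
		hdr, err := tr.Next()
		if err == io.EOF {
			return bad, nil
		} else if err != nil && !errors.Is(err, tar.ErrInsecurePath) {
			return bad, err
		}
		if _, err := safeJoin(dest, hdr.Name); err != nil {
			bad = append(bad, hdr.Name)
		}
	}
}

// sampleArchive builds a constructed in-memory tar mixing benign and traversal names.
func sampleArchive() *bytes.Buffer {
	buf := new(bytes.Buffer)
	tw := tar.NewWriter(buf)
	for _, n := range []string{"plugin.yaml", "bin/run.sh", "../outside.txt", "bin/../../escape", "/abs.txt"} {
		tw.WriteHeader(&tar.Header{Name: n, Mode: 0o644}) // empty regular file
	}
	tw.Close()
	return buf
}
func main() {
	fmt.Println(rejectedEntries(sampleArchive(), "/tmp/plugins/demo"))
}
```

The check only covers entry names; symlink and hard-link targets inside an archive need the same validation before they are created.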
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 16.2 | osp-director-provisioner-container | Not affected | | |
| Red Hat OpenStack Platform 16.2 | rhosp-rhel8-tech-preview/osp-director-downloader | Not affected | | |
| Red Hat OpenStack Platform 16.2 | rhosp-rhel8-tech-preview/osp-director-operator | Not affected | | |
Additional information
CVSS3: 6.4 Medium