GHSA-jw44-4f3j-q396
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jw44-4f3j-q396
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-jw44-4f3j-q396/GHSA-jw44-4f3j-q396.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jw44-4f3j-q396
- Aliases
-
- CVE-2019-25210
- Related
- Published
- 2024-03-03T21:31:25Z
- Modified
- 2024-07-15T22:00:19.674427Z
- Summary
- Helm shows secrets in clear text
- Details
-
An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).
- Database specific
{ "nvd_published_at": "2024-03-03T21:15:49Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-03-05T14:39:00Z" }- References
Affected packages
Go / helm.sh/helm/v3
Package
- Name
- helm.sh/helm/v3
- View open source insights on deps.dev
- Purl
- pkg:golang/helm.sh/helm/v3