GHSA-x6r5-vxfg-gq3v

Suggest an improvement
Source
https://github.com/advisories/GHSA-x6r5-vxfg-gq3v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x6r5-vxfg-gq3v/GHSA-x6r5-vxfg-gq3v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-x6r5-vxfg-gq3v
Aliases
Published
2022-05-24T16:50:33Z
Modified
2023-11-08T04:00:41.328158Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Helm Improper Certificate Validation
Details

helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2.

References

Affected packages

Go / helm.sh/helm

Package

Name
helm.sh/helm
View open source insights on deps.dev
Purl
pkg:golang/helm.sh/helm

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.2