GHSA-x6r5-vxfg-gq3v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-x6r5-vxfg-gq3v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x6r5-vxfg-gq3v/GHSA-x6r5-vxfg-gq3v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-x6r5-vxfg-gq3v
- Aliases
- Published
- 2022-05-24T16:50:33Z
- Modified
- 2024-08-20T20:58:42.250847Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Helm Improper Certificate Validation
- Details
-
helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2.
- Database specific
{ "nvd_published_at": "2019-07-17T21:15:00Z", "severity": "CRITICAL", "github_reviewed_at": "2023-08-01T23:17:41Z", "github_reviewed": true, "cwe_ids": [ "CWE-295" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010275
- https://github.com/helm/helm/pull/3152
- https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50
- https://github.com/helm/helm/commit/1096813bf9a425e2aa4ac755b6c991b626dfab50
- https://github.com/helm/helm/releases/tag/v2.7.2
Affected packages
Go / helm.sh/helm
Package
- Name
- helm.sh/helm
- View open source insights on deps.dev
- Purl
- pkg:golang/helm.sh/helm