An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).
Exposure of Sensitive Information to an Unauthorized Actor
-
Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
helm.sh/helm/v3 | golang | - | - | >=3.0.0,<=3.14.2 | Not yet available |
Severity and metrics
No CVSS data available from this source.
-
CGA-6cw7-c57f-pcxw
-
CGA-3765-975m-4wp2
-
CGA-2cj2-8mc2-3rx5
-
CGA-2359-w7f8-hwcm
-
CGA-57wv-cx35-8wwj
-
CGA-594h-8wm6-67qq
-
CGA-5h54-6x82-6mj7
-
CGA-gggw-c957-cc4r
-
CGA-gm43-rf72-687v
-
CGA-fgqm-2j7g-887c
-
CGA-mxvx-4pcp-f7gc
-
CGA-wrq5-qjch-p7wf
-
CGA-x237-v27j-pwg7
-
CGA-2w6c-9967-2m98
-
CGA-337p-jfx9-hj55
-
CGA-6frq-wh54-6rc8
-
CGA-mrx5-p97r-j2f3
-
CGA-w3wh-5wj5-7fjq
-
CGA-wp67-cpgg-6hjq
-
CGA-83w8-8q2w-9vvv
-
CGA-85vf-9g7x-h648
-
CGA-867p-28cp-c6wp
-
CGA-88p6-65c2-4888
-
CGA-r776-6mc7-f8cc
-
CGA-rjwg-33wh-5r8w
-
CGA-4w9g-ffhm-3ppm
-
CGA-56xq-fvfc-hx7h
-
CGA-x9pq-7c2p-q6j2
-
CGA-xj2h-hmvh-f742
-
CGA-645w-jfx9-2mfx
-
CGA-h6vp-m9pp-mfxr
-
CGA-hggv-67cc-rjpf
-
CGA-c3vw-phcc-7vhv
-
CGA-jwpw-h2f3-frx4
-
CGA-m3fr-q79h-cxqv
-
CGA-8cpr-3643-vxw8
-
CGA-h3mx-jvxm-3p75
-
CGA-h674-7fqh-7p26
-
CGA-rp7w-g86x-hpg4
-
CGA-q4m3-c6hw-6gvv
-
CGA-q85j-83g4-mpgh
-
CGA-x76g-3jw7-c6wg
-