CVE-2019-25210

SOURCE - github

Summary

An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).

EPSS Score⁠: 0.00045 (0.163)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

SOURCE - github

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

SOURCE - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Sources (48)

Impacted images

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.