Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-jw44-4f3j-q396: Helm shows secrets in clear text

An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor’s position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).

ghsa
#git
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2019-25210

Helm shows secrets in clear text

Moderate severity GitHub Reviewed Published Mar 3, 2024 to the GitHub Advisory Database • Updated Mar 5, 2024

Package

gomod helm.sh/helm/v3 (Go)

Affected versions

>= 3.0.0, <= 3.14.2

An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor’s position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).

References

  • https://nvd.nist.gov/vuln/detail/CVE-2019-25210
  • helm/helm#7275
  • https://www.cncf.io/projects/helm

Published to the GitHub Advisory Database

Mar 3, 2024

Related news

Red Hat Security Advisory 2024-0041-03

Red Hat Security Advisory 2024-0041-03 - Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service, memory exhaustion, password leak, and resource exhaustion vulnerabilities.

Red Hat Security Advisory 2024-1570-03

Red Hat Security Advisory 2024-1570-03 - Updated images are now available for Red Hat Advanced Cluster Security. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1549-03

Red Hat Security Advisory 2024-1549-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes. Issues addressed include a traversal vulnerability.