Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
helm helm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-25620
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected direct...
828
VMScore
CVE-2021-23154
In Lens before 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system.
Mirantis Lens
NA
CVE-2024-29037
datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful initial deployment during a limi...
356
VMScore
CVE-2020-14470
In Octopus Deploy 2018.8.0 up to and including 2019.x prior to 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.
Octopus Octopus Deploy
383
VMScore
CVE-2005-4747
Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm prior to 3.2.6 allows remote malicious users to inject arbitrary web script or HTML via unknown vectors involving the default page.
356
VMScore
CVE-2022-31036
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A ...
Linuxfoundation Argo-cd 2.3.4
Linuxfoundation Argo-cd 2.4.0
Linuxfoundation Argo-cd 2.2.9
Linuxfoundation Argo-cd
NA
CVE-2019-25210
An issue exists in Cloud Native Computing Foundation (CNCF) Helm up to and including 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is ...
1 Github repository
357
VMScore
CVE-2022-24348
Argo CD prior to 2.1.9 and 2.2.x prior to 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
Linuxfoundation Argo-cd
NA
CVE-2023-0518
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 15.6.7, all versions starting from 15.7 prior to 15.7.6, all versions starting from 15.8 prior to 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.
Gitlab Gitlab
NA
CVE-2024-29893
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server comp...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »