Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
helm helm vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-36049
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability fo...
Helm Helm
Fluxcd Helm-controller
Fluxcd Flux2
8.6
CVSSv3
CVE-2021-32690
Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm before 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Hel...
Helm Helm
2.7
CVSSv3
CVE-2020-15184
In Helm prior to 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manu...
Helm Helm
2.7
CVSSv3
CVE-2020-15185
In Helm prior to 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, a...
Helm Helm
2.7
CVSSv3
CVE-2020-15186
In Helm prior to 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm --help...
Helm Helm
9.8
CVSSv3
CVE-2019-1010275
helm prior to 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/file...
Helm Helm
9.8
CVSSv3
CVE-2019-18658
In Helm 2.x prior to 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /d...
Helm Helm
7.5
CVSSv3
CVE-2022-23524
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions before 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot...
Helm Helm
7.5
CVSSv3
CVE-2022-23525
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions before 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds ref...
Helm Helm
7.5
CVSSv3
CVE-2022-23526
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions before 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation...
Helm Helm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »