
Published: 03/03/2024 Updated: 17/05/2024

Vulnerability Summary

An issue exists in Cloud Native Computing Foundation (CNCF) Helm up to and including 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.
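For the CI/CD case described above, one mitigation is to filter the dry-run output before it reaches a shared log. The following is an added example, not code from Helm or from this page; the names redact, redact_doc, MASK and SAMPLE are hypothetical. It assumes the secrets appear as top-level `kind: Secret` documents in the rendered manifest, and it masks every value under data and stringData, including multi-line block scalars.

```python
import re
import sys

MASK = "<redacted>"
SECTION = re.compile(r"^(data|stringData):")   # top-level Secret payload keys
KEY = re.compile(r"^(\s+)([^\s#][^:]*):")      # an indented "key:" line
# Constructed sample of rendered --dry-run output (not from a real chart).
SAMPLE = """---
kind: Secret
data:
  password: czNjcjN0
stringData:
  tls.key: |
    CONSTRUCTED-KEY-LINE
type: Opaque
---
kind: ConfigMap
data:
  mode: debug
"""

def redact_doc(lines):
    """Mask data/stringData values when the YAML document is a Secret."""
    if not any(re.match(r"^kind:\s*[\"']?Secret[\"']?\s*$", l) for l in lines):
        return lines
    out, in_section, indent = [], False, None
    for line in lines:
        m = SECTION.match(line)
        if m:  # section header; mask inline flow-style content if present
            in_section, indent = True, None
            out.append(m.group(0) + (f" {MASK}" if line[m.end():].strip() else ""))
        elif in_section and line[:1] in (" ", "\t"):
            k = KEY.match(line)
            indent = k.group(1) if k and indent is None else indent
            if k and k.group(1) == indent:
                out.append(f"{indent}{k.group(2)}: {MASK}")
            # deeper-indented lines are block-scalar continuations: dropped
        else:  # a non-blank top-level line ends the section
            in_section = in_section and not line.strip()
            out.append(line)
    return out

def redact(text):
    parts = re.split(r"(?m)^(---.*)$", text)  # documents at even indexes
    for i in range(0, len(parts), 2):
        parts[i] = "\n".join(redact_doc(parts[i].split("\n")))
    return "".join(parts)

if __name__ == "__main__":  # usage: helm ... --dry-run | python3 this_file.py
    sys.stdout.write(redact(sys.stdin.read()))
```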

Github Repositories

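Summary: a layout for managing openvex files inside a repository. ${repo root}/vex on the default branch is where VEX files are kept. The file name is openvexjson, or a file with the extension openvexjson. When there are multiple openvex files, they are placed directly under ${repo root}/vex. Layout: the default on GitHub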