CVE-2019-1010275Improper Certificate Validation in Helm

CWE-295Improper Certificate Validation6 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.3%
top 46.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Helm.sh HelmHelm
Timeline
PublishedJul 17
Latest updateAug 20

Description

helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDhelm/helm< 2.7.2
Gohelm.sh/helm< 2.7.2+1
CVEListV5helm/helmBefore 2.7.2 [fixed: 2.7.2]

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

5
OSV
Helm Improper Certificate Validation in helm.sh/helm2024-08-20
GHSA
Helm Improper Certificate Validation2022-05-24
OSV
Helm Improper Certificate Validation2022-05-24
CVEList
CVE-2019-1010275: helm Before 22019-07-17
OSV
CVE-2019-1010275: helm Before 22019-07-17
CVE-2019-1010275 — Improper Certificate Validation | cvebase