CVE-2020-11013 — Sensitive Information Exposure in Helm V3

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

5.0MEDIUMNVD

CNA8.5

EPSS

0.2%

top 55.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Helm.sh Helm V3 Helm

Timeline

PublishedApr 24

Latest updateMay 27

Description

Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be used as part of the process to render templates. The documented behavior of `helm template` states that it does not attach to a remote cluster. However, a the recently added `lookup` template function ci…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 3.1 | Impact: 1.4

Affected Packages3 packages

▶NVDhelm/helm3.1.0 — 3.2.0

▶Gohelm.sh/helm_v33.0.0 — 3.1.3

▶CVEListV5helm/helm>= 3.1.0, < 3.2.0

🔴Vulnerability Details

OSV

Lookup function information discolosure in helm↗2021-05-27

▶

GHSA

Lookup function information discolosure in helm↗2021-05-27

▶

CVEList

lookup Function Information Discolosure in Helm↗2020-04-24

▶

OSV

CVE-2020-11013: Their is an information disclosure vulnerability in Helm from version 3↗2020-04-24

▶

📋Vendor Advisories

Red Hat

helm: information discolosure via the lookup function↗2020-04-22

▶

💬Community

Bugzilla

CVE-2020-11013 helm: information discolosure via the lookup function↗2020-06-18

▶