CVE-2019-25210

EPSS 0.22%
Veröffentlicht 03.03.2024 21:15:49
Zuletzt bearbeitet 11.02.2025 15:58:14
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Helm ≫ Helm Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.449

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/helm/helm/issues/7275

Issue Tracking

https://helm.sh/blog/response-cve-2019-25210/

Vendor Advisory

https://www.cncf.io/projects/helm/

Product

https://nvd.nist.gov/vuln/detail/CVE-2019-25210

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-25210

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-25210

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-25210