CVE-2020-4053

In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.

CVSS v3 6.8 MEDIUM
CVSS v2.0 8.5 HIGH

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 6.8 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688	Patch
https://github.com/helm/helm/releases/tag/v3.2.4	Release Notes
https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*

History

08 Feb 2024, 02:11

Type	Values Removed	Values Added
References	~~(CONFIRM) https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f - Third Party Advisory~~	(CONFIRM) https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f - Vendor Advisory

Information

Published : 2020-06-16 22:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-4053

Mitre link : CVE-2020-4053

CVE.ORG link : CVE-2020-4053

JSON object : View

Products Affected

helm

helm

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2020-4053", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.2}]}, "published": "2020-06-16T22:15:10.597", "references": [{"url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/helm/helm/releases/tag/v3.2.4", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4."}, {"lang": "es", "value": "En Helm versiones superiores o iguales a 3.0.0 y menores a 3.2.4, es posible un ataque de salto de ruta al instalar plugins de Helm desde un archivo tar por medio de HTTP. Es posible que un autor de plugin malicioso inyecte una ruta relativa en un archivo de plugin y copie un archivo fuera del directorio previsto. Esto se ha corregido en la versi\u00f3n 3.2.4"}], "lastModified": "2024-02-08T02:11:32.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F90E5468-5EE9-4943-ACCF-2E1F6BC013ED", "versionEndExcluding": "3.2.4", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}