CVE-2020-15187

Duplicate plugin entries in Helm

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.

En Helm versiones anteriores a 2.16.11 y 3.3.2, un plugin de Helm puede contener duplicados de la misma entrada, y siempre se usa la última. Si un plugin está comprometido, esto reduce el nivel de acceso que un atacante necesita para modificar los hooks de instalación de un plugin, causando un ataque de ejecución local. Para llevar a cabo este ataque, un atacante necesita tener acceso de escritura al repositorio de git o al archivo de plugins (.tgz) mientras está siendo descargado (lo que puede ocurrir durante un ataque de tipo MITM en una conexión no SSL). Este problema ha sido corregido en Helm versión 2.16.11 y Helm versión 3.3.2. Como posible solución, asegúrese de instalar plugins usando un protocolo de conexión seguro como SSL

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-06-25 CVE Reserved
2020-09-17 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-694: Use of Multiple Resources with Duplicate Identifier

CAPEC

References (2)

URL	Tag	Source
https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b	2021-11-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Helm Search vendor "Helm"		Helm Search vendor "Helm" for product "Helm"				>= 2.0.0 < 2.16.11 Search vendor "Helm" for product "Helm" and version " >= 2.0.0 < 2.16.11"		-		Affected
Helm Search vendor "Helm"		Helm Search vendor "Helm" for product "Helm"				>= 3.0.0 < 3.3.2 Search vendor "Helm" for product "Helm" and version " >= 3.0.0 < 3.3.2"		-		Affected