CVE-2021-21303

Injection attack in Helm

Severity Score

6.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used "as is" without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.

"Helm es un software de código abierto que es esencialmente ""The Kubernetes Package Manager"". Helm es una herramienta para gestionar Gráficos. Los Gráficos son paquetes de recursos Kubernetes preconfigurados. En Helm versiones desde 3.0 y anteriores a 3.5.2, había algunos casos en los que los datos cargados desde fuentes potencialmente no confiables no eran saneados apropiadamente. Cuando un SemVer en el campo ""version"" de un gráfico no es válido, en algunos casos Helm permite que la cadena sea usada ""as is"" sin sanearla. Helm no sanea apropiadamente algunos campos presentes en los archivos ""index.yaml"" del repositorio Helm. Helm no sanea correctamente algunos campos del fichero ""plugin.yaml"" para los plugins En algunos casos, Helm no sanea apropiadamente los campos del fichero ""Chart.yaml"". Al explotar estos vectores de ataque, los mantenedores principales fueron capaces de enviar información engañosa a una pantalla de terminal que ejecutaba el comando ""helm"", así como oscurecer o alterar la información en la pantalla. En algunos casos, podíamos enviar códigos que los terminales usaban para ejecutar lógica de orden superior, como borrar la pantalla de un terminal. Además, durante la evaluación, los mantenedores de Helm detectaron algunos otros campos que no estaban apropiadamente saneados cuando se leían desde los archivos de índice del repositorio. Esta corrección remedia todos estos casos, y una vez más aplica las políticas de SemVer2 en los campos version. Todos los usuarios de Helm 3 deberían actualizar a la versión corregida 3.5.2 o posterior. Aquellos que usen Helm como una biblioteca deberían verificar que sanean estos datos por su cuenta, o que usan las llamadas apropiadas a la API de Helm para sanear los datos

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-12-22 CVE Reserved
2021-02-05 CVE Published
2023-07-08 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CAPEC

References (3)

URL	Tag	Source
https://github.com/helm/helm/releases/tag/v3.5.2	Release Notes
https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a	2023-03-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Helm Search vendor "Helm"		Helm Search vendor "Helm" for product "Helm"				>= 3.0.0 < 3.5.2 Search vendor "Helm" for product "Helm" and version " >= 3.0.0 < 3.5.2"		-		Affected