
[ASA-202102-22] helm: insufficient validation

Published: 2021-02-07 00:00:00
Source: security.archlinux.org

CVSS3: 6.8 Medium
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: NONE
  Integrity Impact: HIGH
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

CVSS2: 3.5 Low
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: SINGLE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS: 0.001 Low
  Percentile: 23.0%

Arch Linux Security Advisory ASA-202102-22

Severity: Low
Date : 2021-02-07
CVE-ID : CVE-2021-21303
Package : helm
Type : insufficient validation
Remote : No
Link : https://security.archlinux.org/AVG-1539

Summary

The package helm before version 3.5.2-1 is vulnerable to insufficient
validation.

Resolution

Upgrade to 3.5.2-1.

pacman -Syu "helm>=3.5.2-1"

The problem has been fixed upstream in version 3.5.2.

Workaround

None.

Description

In Helm from version 3.0 and before version 3.5.2, there are a few
cases where data loaded from potentially untrusted sources was not
properly sanitized. When a SemVer in the version field of a chart is
invalid, in some cases Helm allows the string to be used "as is"
without sanitizing. Helm fails to properly sanitize some fields present
in Helm repository index.yaml files. Helm does not properly sanitize
some fields in the plugin.yaml file for plugins. In some cases, Helm
does not properly sanitize the fields in the Chart.yaml file. By
exploiting these attack vectors, core maintainers were able to send
deceptive information to a terminal screen running the helm command,
as well as obscure or alter information on the screen. In some cases,
attackers could send codes that terminals used to execute higher-order
logic, like clearing a terminal screen. Further, during evaluation, the
Helm maintainers discovered a few other fields that were not properly
sanitized when read out of repository index files. This fix remedies
all such cases, and once again enforces SemVer2 policies on version
fields. All users of Helm 3 should upgrade to the fixed version 3.5.2
or later. Those who use Helm as a library should verify that they
either sanitize this data on their own, or use the proper Helm API
calls to sanitize the data.
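The two controls the description names, stripping terminal control codes from metadata fields and re-enforcing SemVer 2 on the version field, are shown together below. This is an added example written for this page, not code from Helm or from the fix commit referenced under References; the `Metadata` struct is a constructed subset of the fields Helm reads from Chart.yaml, index.yaml and plugin.yaml, the "drop every non-graphic rune" rule and the tolerance of a leading "v" are assumptions, and the SemVer grammar is the one published at semver.org. The hostile inputs in `main` are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"unicode"
)

// Metadata is a constructed subset of the fields Helm reads from
// Chart.yaml, repository index.yaml entries and plugin.yaml. It is an
// assumption for this example, not Helm's own chart.Metadata type.
type Metadata struct {
	Name        string
	Version     string
	Description string
	Home        string
}

// semverRE is the SemVer 2.0.0 grammar published at semver.org, written
// as an RE2 pattern so that Go's regexp package can compile it.
var semverRE = regexp.MustCompile(
	`^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)` +
		`(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?` +
		`(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$`)

// IsValidSemver reports whether v is strict SemVer 2.0.0. A single
// leading "v" is tolerated (assumption: "v1.2.3" is common in charts).
func IsValidSemver(v string) bool {
	return semverRE.MatchString(strings.TrimPrefix(v, "v"))
}

// SanitizeField keeps graphic runes (letters, digits, punctuation, symbols,
// spaces) plus tab and newline, and drops everything else. ESC (U+001B),
// BEL, CR, backspace and C1 controls such as U+009B are all removed, so an
// escape sequence like "\x1b[2J" degrades to the harmless text "[2J".
func SanitizeField(s string) string {
	return strings.Map(func(r rune) rune {
		if unicode.IsGraphic(r) || r == '\t' || r == '\n' {
			return r
		}
		return -1 // negative return drops the rune
	}, s)
}

// Validate returns a sanitized copy of m. The version field is checked
// after sanitizing so that a string which is not SemVer 2 is rejected
// rather than used "as is".
func Validate(m Metadata) (Metadata, error) {
	clean := Metadata{
		Name:        SanitizeField(m.Name),
		Version:     SanitizeField(m.Version),
		Description: SanitizeField(m.Description),
		Home:        SanitizeField(m.Home),
	}
	if strings.TrimSpace(clean.Name) == "" {
		return Metadata{}, fmt.Errorf("chart name is empty after sanitizing")
	}
	if !IsValidSemver(clean.Version) {
		return Metadata{}, fmt.Errorf("chart version %q is not valid SemVer 2", clean.Version)
	}
	return clean, nil
}

func main() {
	// Constructed hostile inputs for the demonstration.
	cases := []Metadata{
		// clear-screen sequence smuggled into the version field
		{Name: "nginx", Version: "1.2.3\x1b[2J", Description: "web server"},
		// valid version, but the description recolours the terminal and rings the bell
		{Name: "nginx", Version: "v1.2.3", Description: "web server\x1b[1;31m UNSAFE\x07\x1b[0m"},
	}
	for _, m := range cases {
		clean, err := Validate(m)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("accepted: name=%q version=%q description=%q\n",
			clean.Name, clean.Version, clean.Description)
	}
}
```

The first case is rejected because, once the escape is stripped, "1.2.3[2J" no longer parses as SemVer; the second is accepted with the colour and bell codes reduced to plain text. Anyone embedding Helm as a library should, as the advisory says, rely on Helm's own sanitizing API calls rather than a local rule like this one.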

Impact

An attacker might be able to spoof the contents of the terminal when the
user runs the "helm" command against a crafted chart, repository index or
plugin whose metadata fields carry unsanitized terminal control codes.

References

https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx
https://github.com/helm/helm/commit/2bf5c280d56e0043bf1870f84d63e82d5c5d4230
https://security.archlinux.org/CVE-2021-21303

OS          Version  Architecture  Package  Version    Filename
Arch Linux  any      any           helm     < 3.5.2-1  UNKNOWN
