Lucene search
MitreCVELIST:CVE-2019-25210HistoryMar 03, 2024 - 12:00 a.m.
CVE-2019-25210
2024-03-0300:00:00
mitre
www.cve.org
cloud native computing foundation
helm
security concern
ci/cd tool
secrets
vendor position
backwards compatibility
unauthorized access
An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor’s position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project’s responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.
Related
prion
prion
Input validation
2024-03-03 21:15:00
veracode
veracode
Sensitive Information Disclosure
2024-03-04 12:35:43
cgr
cgr
CVE-2019-25210 vulnerabilities
2024-05-19 03:07:16
osv
osv
CGA-6cw7-c57f-pcxw
2024-06-19 18:06:53
Helm shows secrets in clear text
2024-03-03 21:31:25
redhatcve
redhatcve
CVE-2019-25210
2024-03-05 17:48:34
github
github
Helm shows secrets in clear text
2024-03-03 21:31:25
nvd
nvd
CVE-2019-25210
2024-03-03 21:15:49
wolfi
wolfi
CVE-2019-25210 vulnerabilities
2024-07-01 03:08:37
cve
cve
CVE-2019-25210
2024-03-03 21:15:49
redhat
redhat
(RHSA-2024:1549) Critical: ACS 4.3 enhancement and security update
2024-03-27 18:45:05
(RHSA-2024:1570) Important: ACS 4.4 enhancement and security update
2024-03-28 20:47:45