Lucene search
GitHub Advisory DatabaseGHSA-JW44-4F3J-Q396HistoryMar 03, 2024 - 9:31 p.m.
Helm shows secrets in clear text
2024-03-0321:31:25
CWE-200
GitHub Advisory Database
github.com
7
helm
secrets
clear text
security concern
backwards compatibility
--dry-run
ci/cd
An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor’s position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).
| CPE | Name | Operator | Version |
|---|---|---|---|
| helm.sh/helm/v3 | le | 3.14.2 |
Related
prion
prion
Input validation
2024-03-03 21:15:00
cgr
cgr
CVE-2019-25210 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Sensitive Information Disclosure
2024-03-04 12:35:43
cve
cve
CVE-2019-25210
2024-03-03 21:15:49
osv
osv
Helm shows secrets in clear text
2024-03-03 21:31:25
cvelist
cvelist
CVE-2019-25210
2024-03-03 00:00:00
redhatcve
redhatcve
CVE-2019-25210
2024-03-05 17:48:34
wolfi
wolfi
CVE-2019-25210 vulnerabilities
2024-05-19 21:07:16
redhat
redhat
(RHSA-2024:1549) Critical: ACS 4.3 enhancement and security update
2024-03-27 18:45:05
(RHSA-2024:1570) Important: ACS 4.4 enhancement and security update
2024-03-28 20:47:45