Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-7D987AEC757F3CA3918F83FFF67C4117HistoryJun 23, 2021 - 12:00 a.m.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
2021-06-2300:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
5
0.002 Low
EPSS
Percentile
53.6%
In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go/helm.sh/helm/v3/pkg/plugin/installer | ge | 3.0.0 | |
| go/helm.sh/helm/v3/pkg/plugin/installer | lt | 3.2.4 |
References
github.com/advisories/GHSA-qq3j-xp49-j73f
github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688
github.com/helm/helm/commit/b6bbe4f08bbb98eadd6c9cd726b08a5c639908b3
github.com/helm/helm/pull/8317
github.com/helm/helm/releases/tag/v3.2.4
github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f
nvd.nist.gov/vuln/detail/CVE-2020-4053
Related
redhatcve
redhatcve
CVE-2020-4053
2021-12-22 07:54:46
cve
cve
CVE-2020-4053
2020-06-16 22:15:10
cvelist
cvelist
CVE-2020-4053 Path Traversal in Helm Plugin Archive
2020-06-16 22:00:19
nvd
nvd
CVE-2020-4053
2020-06-16 22:15:10
github
github
Plugin archive directory traversal in Helm
2021-06-23 18:14:36
veracode
veracode
Directory Traversal
2020-06-18 05:55:59
osv
osv
CVE-2020-4053
2020-06-16 22:15:10
BIT-helm-2020-4053
2024-03-06 10:54:38
Plugin archive directory traversal in Helm
2021-06-23 18:14:36
prion
prion
Path traversal
2020-06-16 22:15:00
altlinux
altlinux
Security fix for the ALT Linux 10 package helm version 3.4.1-alt1
2020-11-23 00:00:00