Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Azure Linux 3.0 Security Update: cert-manager / helm (CVE-2024-26147)

🗓️ 10 Feb 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 7 Views

Azure Linux 3.0 cert-manager and helm prior to version 3.14.2 vulnerable to CVE-2024-26147.

Related
Refs
Code
ReporterTitlePublishedViews
Family
BDU FSTEC		The vulnerabilities of the LoadIndexFile() and DownloadIndexFile() functions in the repo package, as well as the LoadDir() function in the plugin package of the Kubernetes Helm package manager, allow a malicious actor to cause service interruptions.
4 Apr 202400:00
bdu_fstec
CBLMariner		CVE-2024-26147 affecting package cert-manager for versions less than 1.11.2-10
12 Jun 202422:23
cbl_mariner
CBLMariner		CVE-2024-26147 affecting package cert-manager for versions less than 1.12.13-1
20 Sep 202413:32
cbl_mariner
CBLMariner		CVE-2024-26147 affecting package helm for versions less than 3.13.2-3
21 Jun 202409:32
cbl_mariner
Chainguard		CVE-2024-26147 vulnerabilities
21 Feb 202423:15
cgr
Circl		CVE-2024-26147
22 Feb 202400:21
circl
CNNVD		Helm Security Vulnerabilities
21 Feb 202400:00
cnnvd
CVE		CVE-2024-26147
21 Feb 202422:21
cve
Cvelist		CVE-2024-26147 Helm's Missing YAML Content Leads To Panic
21 Feb 202422:21
cvelist
EUVD		EUVD-2024-0709
3 Oct 202520:07
euvd
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(215534);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/15");

  script_cve_id("CVE-2024-26147");

  script_name(english:"Azure Linux 3.0 Security Update: cert-manager / helm (CVE-2024-26147)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Azure Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of cert-manager / helm installed on the remote Azure Linux 3.0 host is prior to tested version. It is,
therefore, affected by a vulnerability as referenced in the CVE-2024-26147 advisory.

  - Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized
    variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either
    an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in
    Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in
    the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts
    functions around adding a repository and all Helm functions if a malicious plugin is added as Helm
    inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a
    malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin
    can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected
    functions can use `recover` to catch the panic. (CVE-2024-26147)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2024-26147");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-26147");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/09/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/02/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:cert-manager");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:cert-manager-acmesolver");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:cert-manager-cainjector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:cert-manager-cmctl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:cert-manager-controller");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:cert-manager-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:cert-manager-webhook");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:helm");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:azure_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Azure Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AzureLinux/release", "Host/AzureLinux/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AzureLinux/release');
if (isnull(release) || 'Azure Linux' >!< release) audit(AUDIT_OS_NOT, 'Azure Linux');
var os_ver = pregmatch(pattern: "Azure Linux ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Azure Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Azure Linux 3.0', 'Azure Linux ' + os_ver);

if (!get_kb_item('Host/AzureLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Azure Linux', cpu);

var pkgs = [
    {'reference':'cert-manager-1.12.13-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-1.12.13-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-acmesolver-1.12.13-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-acmesolver-1.12.13-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-cainjector-1.12.13-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-cainjector-1.12.13-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-cmctl-1.12.13-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-cmctl-1.12.13-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-controller-1.12.13-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-controller-1.12.13-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-debuginfo-1.12.13-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-debuginfo-1.12.13-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-webhook-1.12.13-1.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cert-manager-webhook-1.12.13-1.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'helm-3.13.2-3.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'helm-3.13.2-3.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Azure Linux ' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cert-manager / cert-manager-acmesolver / cert-manager-cainjector / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Sep 2025 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.17.5
EPSS0.00926
SSVC
azure linuxcert-managerhelmversion vulnerabilitycve-2024-26147helm sdkmalicious pluginsecurity update
7