Lucene search
GoogleOSV:GHSA-JW44-4F3J-Q396HistoryMar 03, 2024 - 9:31 p.m.
Helm shows secrets in clear text
2024-03-0321:31:25
Google
osv.dev
5
helm
secrets
clear text
security concern
ci/cd tool
An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor’s position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).
| CPE | Name | Operator | Version |
|---|---|---|---|
| helm.sh/helm/v3 | le | 3.14.2 | |
| helm.sh/helm/v3 | ge | 3.0.0 |
Related
prion
prion
Input validation
2024-03-03 21:15:00
cgr
cgr
CVE-2019-25210 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Sensitive Information Disclosure
2024-03-04 12:35:43
redhatcve
redhatcve
CVE-2019-25210
2024-03-05 17:48:34
nvd
nvd
CVE-2019-25210
2024-03-03 21:15:49
osv
osv
CGA-6cw7-c57f-pcxw
2024-06-19 18:06:53
github
github
Helm shows secrets in clear text
2024-03-03 21:31:25
wolfi
wolfi
CVE-2019-25210 vulnerabilities
2024-06-28 09:08:32
cvelist
cvelist
CVE-2019-25210
2024-03-03 00:00:00
cve
cve
CVE-2019-25210
2024-03-03 21:15:49
redhat
redhat
(RHSA-2024:1549) Critical: ACS 4.3 enhancement and security update
2024-03-27 18:45:05
(RHSA-2024:1570) Important: ACS 4.4 enhancement and security update
2024-03-28 20:47:45