Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

📄 Headlamp 0.38.0 Credential Reuse

🗓️ 18 Dec 2025 00:00:00Reported by r0binakType 
packetstorm
 packetstorm🔗 packetstorm.news👁 147 Views

Headlamp credential reuse enables unauthorized access to Helm user interface after helm page use.

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2025-14269
17 Dec 202516:25
circl
CVE		CVE-2025-14269
17 Dec 202517:51
cve
Packet Storm		📄 Headlamp 0.38.0 Unauthenticated Cached Credentials Access
22 Dec 202500:00
packetstorm
Positive Technologies		PT-2025-52206
17 Dec 202500:00
ptsecurity
# CVE-2025-14269
    A security issue was discovered in the in-cluster version of Headlamp where unauthenticated users may be able to reuse cached credentials to access Helm functionality through the Headlamp UI. Kubernetes clusters are only affected if Headlamp is installed, is configured with config.enableHelm: true, and an authorized user has previously accessed the Helm functionality.
    
    # PoC
    
    - Install Headlamp version <= v0.38.0
    - Configured with `config.enableHelm: true`
    - The logged in user must open the Helm page (`/clusters/main/helm/releases/list`), after which the response will be cached
    - After this, an unauthorized user can also send a request to `/clusters/main/helm/releases/list` and receive a response with sensitive information, including keys, tokens, and passwords.
    <img width="1414" height="393" alt="Снимок экрана 2025-12-17 в 21 18 43" src="https://github.com/user-attachments/assets/ee8b8183-443f-4ed9-b429-8a5813e714a6" />

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Dec 2025 00:00Current
6.9Medium risk
Vulners AI Score6.9
HeadlampCredential reuseHelm user interfaceCached credentialsIn cluster
147