BIT-HELM-2025-55198 Helm May Panic Due To Incorrect YAML Content
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...
CVE-2022-27207
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
PT-2022-18294 · Jenkins · Jenkins Global-Build-Stats Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins global-build-stats Plugin versions 1.5 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because multiple fields in the chart configuration on the 'Global Build Stats' page are...
Design/Logic Flaw
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system...
CVE-2021-23154 Command injection in Lens causes arbitrary shell command execution when malicious custom helm chart configuration provided
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system...