4 matches found
SUSE CVE-2020-4053
In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended director...
Security fix for the ALT Linux 10 package helm version 3.4.1-alt1
Nov. 23, 2020 Aleksei Nikiforov 3.4.1-alt1 - Updated to upstream version 3.4.1 Fixes: CVE-2020-4053, CVE-2020-11013, CVE-2020-15184, CVE-2020-15185, CVE-2020-15186, CVE-2020-15187...
CVE-2020-4053
CVE-2020-4053 affects Helm 3.0.0–3.2.3, enabling path traversal when installing plugins from tar archives delivered over HTTP. A malicious plugin author could inject relative paths in the archive to copy files outside the intended directory. The issue has been fixed in Helm 3.2.4. Affected compon...
CVE-2020-4053 Path Traversal in Helm Plugin Archive
In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended director...