CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
10.5%
github.com/helm/helm is vulnerable to Path Traversal. This vulnerability is due to a flaw in the validation and linting process within the client and SDK, allowing the saving of charts outside their expected directory based on changes in relative paths specified in the Chart.yaml
file. An attacker can exploit this vulnerability to manipulate chart paths, resulting in Path traversal.