Lucene search
MitreVULNRICHMENT:CVE-2019-25210HistoryMar 03, 2024 - 12:00 a.m.
CVE-2019-25210
2024-03-0300:00:00
mitre
github.com
3
cncf helm
secrets
security concern
ci/cd
An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor’s position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project’s responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*"
],
"vendor": "helm",
"product": "helm",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.13.3"
}
],
"defaultStatus": "unknown"
}
]Related
osv
osv
CGA-2w6c-9967-2m98
2024-06-06 12:09:06
CGA-645w-jfx9-2mfx
2024-06-06 12:24:24
CGA-83w8-8q2w-9vvv
2024-06-06 12:23:34
prion
prion
Input validation
2024-03-03 21:15:00
veracode
veracode
Sensitive Information Disclosure
2024-03-04 12:35:43
cgr
cgr
CVE-2019-25210 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2019-25210
2024-03-03 21:15:49
cvelist
cvelist
CVE-2019-25210
2024-03-03 00:00:00
nvd
nvd
CVE-2019-25210
2024-03-03 21:15:49
github
github
Helm shows secrets in clear text
2024-03-03 21:31:25
redhatcve
redhatcve
CVE-2019-25210
2024-03-05 17:48:34
wolfi
wolfi
CVE-2019-25210 vulnerabilities
2024-09-28 21:12:41
redhat
redhat
(RHSA-2024:1549) Critical: ACS 4.3 enhancement and security update
2024-03-27 18:45:05
(RHSA-2024:1570) Important: ACS 4.4 enhancement and security update
2024-03-28 20:47:45
AI Score
7.1
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2019-25210