Bug 1848497 (CVE-2020-4053)
| Summary: | CVE-2020-4053 helm: allows path traversal when installing plugins from a tar archive over HTTP | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | dbecker, gparvin, jjoyce, jramanat, jschluet, jweiser, lhh, lpeer, mburns, rhos-maint, sclewis, slinaber, stcannon, tfister, thee |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | helm 3.2.3 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the Helm plugin installation, where it was vulnerable to path traversal attacks. This flaw allows an attacker to create specially crafted plugin archives to create files outside of the plugin directory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-10-28 05:01:24 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1851814 | ||
| Bug Blocks: | 1848498 | ||
|
Description
Guilherme de Almeida Suckevicz
2020-06-18 13:12:53 UTC
|