Bug 1978144 (CVE-2021-32690)
| Summary: | CVE-2021-32690 helm: information disclosure vulnerability |
|---|---|
| Product: | [Other] Security Response |
| Component: | vulnerability |
| Reporter: | Dhananjay Arunesh <darunesh> |
| Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA |
| Severity: | medium |
| Priority: | medium |
| Version: | unspecified |
| CC: | aos-bugs, bcoca, bkundu, bmontgom, chousekn, cmeyers, davidn, dbecker, dperaza, eparis, gblomqui, gghezzo, gparvin, jburrell, jcammara, jchui, jhadvig, jhardy, jjoyce, jlanford, jnakfour, jobarker, jokerman, jramanat, jschluet, jweiser, jwendell, kaycoth, kyoshida, lhh, lpeer, mabashia, mattmill, mburns, notting, nstielau, osapryki, pknezevi, rcernich, relrod, rfreiman, rhos-maint, rpetrell, sclewis, sd-operator-metering, sdoran, slinaber, smcdonal, sponnaga, stcannon, tflannag, thee, tkral, tkuratom, twalsh |
| Keywords: | Security |
| Hardware: | All |
| OS: | Linux |
| Fixed In Version: | helm 3.6.1 |
| Doc Type: | If docs needed, set a value |
| Doc Text: | A vulnerability was discovered in Helm, which could allow credentials associated with one Helm repository to be leaked to another repository referenced by the first one. In order to exploit this vulnerability, an attacker would need to control a repository trusted by the configuration of the target Helm instance. |
| Last Closed: | 2021-10-18 20:08:19 UTC |
| Bug Depends On: | 1991827, 1980633, 1984588, 1985915, 1987051, 1987052, 1987053, 1987055, 1987056, 1987057, 1988206, 1988207, 1988208, 1988209, 1988210, 1991828 |
| Bug Blocks: | 1978146 |

Description
Dhananjay Arunesh
2021-07-01 08:18:13 UTC

Analysis is complete for Ansible affected components i.e. Ansible Tower (AAP 1.2) and Ansible Controller (AAP 2.0) and it was found that these components are affected by this CVE both from current version and current functionality implementation point of view. Hence, marking Ansible components as "Affected".

This issue has been addressed in the following products:

Red Hat OpenShift Container Platform 4.9

Via RHSA-2021:3759 https://access.redhat.com/errata/RHSA-2021:3759

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-32690

This issue has been addressed in the following products:

Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7

Via RHSA-2021:3925 https://access.redhat.com/errata/RHSA-2021:3925

This issue has been addressed in the following products:

Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8

Via RHSA-2021:4618 https://access.redhat.com/errata/RHSA-2021:4618

This issue has been addressed in the following products:

RHACS-3.67-RHEL-8

Via RHSA-2021:4902 https://access.redhat.com/errata/RHSA-2021:4902