1848497 – (CVE-2020-4053) CVE-2020-4053 helm: allows path traversal when installing plugins from a tar archive over HTTP

Bug 1848497 (CVE-2020-4053) - CVE-2020-4053 helm: allows path traversal when installing plugins from a tar archive over HTTP

Summary: CVE-2020-4053 helm: allows path traversal when installing plugins from a tar ...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2020-4053
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1851814
Blocks:	1848498
TreeView+	depends on / blocked

Reported:	2020-06-18 13:12 UTC by Guilherme de Almeida Suckevicz
Modified:	2021-12-15 02:53 UTC (History)
CC List:	15 users (show)
Fixed In Version:	helm 3.2.3
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Helm plugin installation, where it was vulnerable to path traversal attacks. This flaw allows an attacker to create specially crafted plugin archives to create files outside of the plugin directory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed:	2021-10-28 05:01:24 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-06-18 13:12:53 UTC

In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.

Reference:
https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f

Upstream commit:
https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688

Note You need to log in before you can comment on or make changes to this bug.