{"containers": {"cna": {"affected": [{"product": "Helm", "vendor": "The Helm Project", "versions": [{"status": "affected", "version": ">= 3.0.0, < 3.2.4"}]}], "descriptions": [{"lang": "en", "value": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-16T22:00:19", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/releases/tag/v3.2.4"}], "source": {"advisory": "GHSA-qq3j-xp49-j73f", "discovery": "UNKNOWN"}, "title": "Path Traversal in Helm Plugin Archive", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-4053", "STATE": "PUBLIC", "TITLE": "Path Traversal in Helm Plugin Archive"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Helm", "version": {"version_data": [{"version_value": ">= 3.0.0, < 3.2.4"}]}}]}, "vendor_name": "The Helm Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f", "refsource": "CONFIRM", "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"}, {"name": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688", "refsource": "MISC", "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"}, {"name": "https://github.com/helm/helm/releases/tag/v3.2.4", "refsource": "MISC", "url": "https://github.com/helm/helm/releases/tag/v3.2.4"}]}, "source": {"advisory": "GHSA-qq3j-xp49-j73f", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:52:20.934Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/helm/helm/releases/tag/v3.2.4"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-4053", "datePublished": "2020-06-16T22:00:19", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-08-04T07:52:20.934Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "matchCriteriaId": "F90E5468-5EE9-4943-ACCF-2E1F6BC013ED", "versionEndExcluding": "3.2.4", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4."}, {"lang": "es", "value": "En Helm versiones superiores o iguales a 3.0.0 y menores a 3.2.4, es posible un ataque de salto de ruta al instalar plugins de Helm desde un archivo tar por medio de HTTP. Es posible que un autor de plugin malicioso inyecte una ruta relativa en un archivo de plugin y copie un archivo fuera del directorio previsto. Esto se ha corregido en la versi\u00f3n 3.2.4"}], "id": "CVE-2020-4053", "lastModified": "2024-02-08T02:11:32.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-06-16T22:15:10.597", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/helm/helm/releases/tag/v3.2.4"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "helm: allows path traversal when installing plugins from a tar archive over HTTP", "id": "1848497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848497"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-22", "details": ["In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.", "A flaw was found in the Helm plugin installation, where it was vulnerable to path traversal attacks. This flaw allows an attacker to create specially crafted plugin archives to create files outside of the plugin directory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."], "name": "CVE-2020-4053", "package_state": [{"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8/osp-director-downloader", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8/osp-director-operator", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2020-06-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-4053\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-4053"], "threat_severity": "Low", "upstream_fix": "helm 3.2.3"}