CVE-2020-15187

In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.

CVSS v3 4.7 MEDIUM
CVSS v2.0 6.5 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b	Patch Third Party Advisory
https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:helm:helm::::::::
	cpe:2.3:a:helm:helm::::::::

History

18 Nov 2021, 17:51

Type	Values Removed	Values Added
CWE	CWE-694 CWE-74	NVD-CWE-Other

Information

Published : 2020-09-17 22:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-15187

Mitre link : CVE-2020-15187

CVE.ORG link : CVE-2020-15187

JSON object : View

Products Affected

helm

helm

CWE

NVD-CWE-Other CWE-694

Use of Multiple Resources with Duplicate Identifier

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2020-15187", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.0, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.3}]}, "published": "2020-09-17T22:15:12.647", "references": [{"url": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-694"}, {"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL."}, {"lang": "es", "value": "En Helm versiones anteriores a 2.16.11 y 3.3.2, un plugin de Helm puede contener duplicados de la misma entrada, y siempre se usa la \u00faltima. Si un plugin est\u00e1 comprometido, esto reduce el nivel de acceso que un atacante necesita para modificar los hooks de instalaci\u00f3n de un plugin, causando un ataque de ejecuci\u00f3n local. Para llevar a cabo este ataque, un atacante necesita tener acceso de escritura al repositorio de git o al archivo de plugins (.tgz) mientras est\u00e1 siendo descargado (lo que puede ocurrir durante un ataque de tipo MITM en una conexi\u00f3n no SSL). Este problema ha sido corregido en Helm versi\u00f3n 2.16.11 y Helm versi\u00f3n 3.3.2. Como posible soluci\u00f3n, aseg\u00farese de instalar plugins usando un protocolo de conexi\u00f3n seguro como SSL"}], "lastModified": "2021-11-18T17:51:13.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "455BCCE5-1D43-4E59-9591-E84B52DAAF0B", "versionEndExcluding": "2.16.11", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B462D769-3FC0-4079-8B48-863F013662EF", "versionEndExcluding": "3.3.2", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}