Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Duplicate plugin entries in Helm
Vulnerability Description
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
Vulnerability Type
使用多个具有重复标识的资源
Vulnerability Title
helm 安全漏洞
Vulnerability Description
helm是一款Kubernetes包管理器。 Helm 2.16.11 之前版本和3.3.2版本存在安全漏洞,攻击者可利用该漏洞发起本地攻击。
CVSS Information
N/A
Vulnerability Type
N/A