Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal in Helm Plugin Archive
Vulnerability Description
In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
helm 路径遍历漏洞
Vulnerability Description
helm是一款Kubernetes包管理器。 helm 3.0.0及之后版本(3.2.4版本已修复)中存在路径遍历漏洞。攻击者可通过发送在‘path’参数中包含‘/../’序列的tar文件利用该漏洞覆盖系统上的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A