CVE-2020-15185 - OpenCVE

In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Helm	Helm

Configuration 1 [-]

OR	cpe:2.3:a:helm:helm::::::::
	cpe:2.3:a:helm:helm::::::::

References

Link	Resource
https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc	Patch Third Party Advisory
https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-09-17T21:30:13

Updated: 2020-09-17T21:30:13

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15185

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-17T22:15:12.443

Modified: 2022-08-05T19:31:23.850

Link: CVE-2020-15185

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "helm", "vendor": "helm", "versions": [{"status": "affected", "version": ">= 2.0.0, < 2.16.11"}, {"status": "affected", "version": ">= 3.0.0, < 3.3.2"}]}], "descriptions": [{"lang": "en", "value": "In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-694", "description": "{\"CWE-694\":\"Use of Multiple Resources with Duplicate Identifier\"}", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-74", "description": "{\"CWE-74\":\"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\"}", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-17T21:30:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc"}], "source": {"advisory": "GHSA-jm56-5h66-w453", "discovery": "UNKNOWN"}, "title": "Duplicated chart entries in Helm", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15185", "STATE": "PUBLIC", "TITLE": "Duplicated chart entries in Helm"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "helm", "version": {"version_data": [{"version_value": ">= 2.0.0, < 2.16.11"}, {"version_value": ">= 3.0.0, < 3.3.2"}]}}]}, "vendor_name": "helm"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "{\"CWE-694\":\"Use of Multiple Resources with Duplicate Identifier\"}"}]}, {"description": [{"lang": "eng", "value": "{\"CWE-74\":\"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\"}"}]}]}, "references": {"reference_data": [{"name": "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453", "refsource": "CONFIRM", "url": "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453"}, {"name": "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc", "refsource": "MISC", "url": "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc"}]}, "source": {"advisory": "GHSA-jm56-5h66-w453", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15185", "datePublished": "2020-09-17T21:30:13", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2020-09-17T21:30:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "matchCriteriaId": "455BCCE5-1D43-4E59-9591-E84B52DAAF0B", "versionEndExcluding": "2.16.11", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "matchCriteriaId": "B462D769-3FC0-4079-8B48-863F013662EF", "versionEndExcluding": "3.3.2", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software."}, {"lang": "es", "value": "En Helm versiones anteriores a 2.16.11 y 3.3.2, un repositorio de Helm puede contener duplicados del mismo gr\u00e1fico, y siempre se usa el \u00faltimo. Si un repositorio est\u00e1 comprometido, esto reduce el nivel de acceso que necesita un atacante para inyectar un gr\u00e1fico incorrecto en un repositorio. Para llevar a cabo este ataque, un atacante necesita tener acceso de escritura al archivo de index (lo que puede ocurrir durante un ataque MITM en una conexi\u00f3n no SSL). Este problema ha sido corregido en Helm versiones 3.3.2 y 2.16.11. Una posible soluci\u00f3n es revisar manualmente el archivo index en la cach\u00e9 del repositorio de Helm antes de instalar el software"}], "id": "CVE-2020-15185", "lastModified": "2022-08-05T19:31:23.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-09-17T22:15:12.443", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-694"}, {"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}