CVE-2020-15187 - OpenCVE

In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Helm	Helm

Configuration 1 [-]

OR	cpe:2.3:a:helm:helm::::::::
	cpe:2.3:a:helm:helm::::::::

References

Link	Resource
https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b	Patch Third Party Advisory
https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-09-17T21:50:12

Updated: 2020-09-17T21:50:12

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15187

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-17T22:15:12.647

Modified: 2021-11-18T17:51:13.843

Link: CVE-2020-15187

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "helm", "vendor": "helm", "versions": [{"status": "affected", "version": ">= 2.0.0, < 2.16.11"}, {"status": "affected", "version": ">= 3.0.0, < 3.3.2"}]}], "descriptions": [{"lang": "en", "value": "In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-694", "description": "{\"CWE-694\":\"Use of Multiple Resources with Duplicate Identifier\"}", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-74", "description": "{\"CWE-74\":\"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\"}", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-17T21:50:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b"}], "source": {"advisory": "GHSA-c52f-pq47-2r9j", "discovery": "UNKNOWN"}, "title": "Duplicate plugin entries in Helm", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15187", "STATE": "PUBLIC", "TITLE": "Duplicate plugin entries in Helm"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "helm", "version": {"version_data": [{"version_value": ">= 2.0.0, < 2.16.11"}, {"version_value": ">= 3.0.0, < 3.3.2"}]}}]}, "vendor_name": "helm"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "{\"CWE-694\":\"Use of Multiple Resources with Duplicate Identifier\"}"}]}, {"description": [{"lang": "eng", "value": "{\"CWE-74\":\"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\"}"}]}]}, "references": {"reference_data": [{"name": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j", "refsource": "CONFIRM", "url": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j"}, {"name": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b", "refsource": "MISC", "url": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b"}]}, "source": {"advisory": "GHSA-c52f-pq47-2r9j", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15187", "datePublished": "2020-09-17T21:50:12", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2020-09-17T21:50:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "matchCriteriaId": "455BCCE5-1D43-4E59-9591-E84B52DAAF0B", "versionEndExcluding": "2.16.11", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "matchCriteriaId": "B462D769-3FC0-4079-8B48-863F013662EF", "versionEndExcluding": "3.3.2", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL."}, {"lang": "es", "value": "En Helm versiones anteriores a 2.16.11 y 3.3.2, un plugin de Helm puede contener duplicados de la misma entrada, y siempre se usa la \u00faltima. Si un plugin est\u00e1 comprometido, esto reduce el nivel de acceso que un atacante necesita para modificar los hooks de instalaci\u00f3n de un plugin, causando un ataque de ejecuci\u00f3n local. Para llevar a cabo este ataque, un atacante necesita tener acceso de escritura al repositorio de git o al archivo de plugins (.tgz) mientras est\u00e1 siendo descargado (lo que puede ocurrir durante un ataque de tipo MITM en una conexi\u00f3n no SSL). Este problema ha sido corregido en Helm versi\u00f3n 2.16.11 y Helm versi\u00f3n 3.3.2. Como posible soluci\u00f3n, aseg\u00farese de instalar plugins usando un protocolo de conexi\u00f3n seguro como SSL"}], "id": "CVE-2020-15187", "lastModified": "2021-11-18T17:51:13.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-09-17T22:15:12.647", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-694"}, {"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}