CVE-2020-4053 - OpenCVE

In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Helm	Helm

Configuration 1 [-]

cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688	Patch
https://github.com/helm/helm/releases/tag/v3.2.4	Release Notes
https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-06-16T22:00:19

Updated: 2020-06-16T22:00:19

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4053

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-16T22:15:10.597

Modified: 2024-02-08T02:11:32.513

Link: CVE-2020-4053

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "Helm", "vendor": "The Helm Project", "versions": [{"status": "affected", "version": ">= 3.0.0, < 3.2.4"}]}], "descriptions": [{"lang": "en", "value": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-16T22:00:19", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/releases/tag/v3.2.4"}], "source": {"advisory": "GHSA-qq3j-xp49-j73f", "discovery": "UNKNOWN"}, "title": "Path Traversal in Helm Plugin Archive", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-4053", "STATE": "PUBLIC", "TITLE": "Path Traversal in Helm Plugin Archive"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Helm", "version": {"version_data": [{"version_value": ">= 3.0.0, < 3.2.4"}]}}]}, "vendor_name": "The Helm Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f", "refsource": "CONFIRM", "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"}, {"name": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688", "refsource": "MISC", "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"}, {"name": "https://github.com/helm/helm/releases/tag/v3.2.4", "refsource": "MISC", "url": "https://github.com/helm/helm/releases/tag/v3.2.4"}]}, "source": {"advisory": "GHSA-qq3j-xp49-j73f", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-4053", "datePublished": "2020-06-16T22:00:19", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2020-06-16T22:00:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "matchCriteriaId": "F90E5468-5EE9-4943-ACCF-2E1F6BC013ED", "versionEndExcluding": "3.2.4", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4."}, {"lang": "es", "value": "En Helm versiones superiores o iguales a 3.0.0 y menores a 3.2.4, es posible un ataque de salto de ruta al instalar plugins de Helm desde un archivo tar por medio de HTTP. Es posible que un autor de plugin malicioso inyecte una ruta relativa en un archivo de plugin y copie un archivo fuera del directorio previsto. Esto se ha corregido en la versi\u00f3n 3.2.4"}], "id": "CVE-2020-4053", "lastModified": "2024-02-08T02:11:32.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-06-16T22:15:10.597", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/helm/helm/releases/tag/v3.2.4"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}