CVE-2019-25210
Summary
An Information Disclosure vulnerability was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the "--dry-run" flag is used. This is a security concern in some use cases, such as a "--dry-run" call by a CI/CD tool. This vulnerability affects github.com/helm/helm package versions from 3.0.0-alpha.1. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).
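One way to keep those values out of CI logs, shown as an added example that is not part of the advisory or of Helm's code: a filter that masks the `data` and `stringData` values of every top-level `kind: Secret` document in rendered manifest text before it is logged. The sample manifest, the `redact_secrets` name and the `[REDACTED]` marker are constructed for illustration; the filter assumes a `---`-separated YAML stream and does not cover Secrets nested in a `List` or secret values placed in other resource kinds.

```python
import re
# Constructed sample: a rendered manifest stream like the one a dry run prints.
SAMPLE = """\
---
# Source: demo/templates/secret.yaml
kind: Secret
data:
  password: c3VwZXJzZWNyZXQ=
stringData:
  token: |
    line-one
    line-two
---
kind: ConfigMap
data:
  mode: production
"""
MASK = "[REDACTED]"
IS_SECRET = re.compile(r"kind:\s*[\"']?Secret[\"']?\s*$")
PAYLOAD = re.compile(r"(data|stringData):(.*)$")

def _mask_doc(lines):
    """Mask values under top-level data/stringData of one Secret document.
    An inline value such as `data: {k: v}` is masked as a whole."""
    if not any(IS_SECRET.match(l) for l in lines):
        return lines                      # not a Secret: pass through untouched
    out, in_block, key_indent = [], False, None
    for line in lines:
        if line.startswith("#"):          # column-0 comment: keep, state unchanged
            out.append(line)
        elif line[:1].strip():            # any other top-level line ends the block
            m = PAYLOAD.match(line)
            in_block, key_indent = bool(m), None
            out.append(f"{m.group(1)}: {MASK}" if m and m.group(2).strip() else line)
        elif not in_block:
            out.append(line)
        elif line.strip():                # deeper lines continue a value: dropped
            indent = len(line) - len(line.lstrip())
            key_indent = indent if key_indent is None else key_indent
            if indent == key_indent and ":" in line:
                out.append(f"{line.split(':', 1)[0]}: {MASK}")
    return out

def redact_secrets(stream):
    """Return the manifest stream with Secret payloads masked, safe to log."""
    docs = [[]]
    for line in stream.splitlines():
        if line.rstrip() == "---":        # document separator starts a new doc
            docs.append([])
        docs[-1].append(line)
    return "\n".join(l for d in docs for l in _mask_doc(d)) + "\n"
```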
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
Advisory Timeline
- Published