
CVE-2019-25210

Severity Medium
Score 6.5/10

Summary

An Information Disclosure vulnerability was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the "--dry-run" flag is used. This is a security concern in some use cases, such as a "--dry-run" call by a CI/CD tool. This vulnerability affects github.com/helm/helm package versions from 3.0.0-alpha.1. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).
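One way to keep rendered Secret values out of CI/CD logs when a pipeline calls Helm with "--dry-run", shown as an added example (not Helm's code and not part of this advisory): a stdin filter that masks the `data` and `stringData` entries of top-level `kind: Secret` documents. The function names, the `<redacted>` marker and the sample input are constructed for illustration.

```python
import re
import sys

REDACTED = "<redacted>"
DOC_SEP = re.compile(r"^---\s*$")
KIND_SECRET = re.compile(r"^kind:\s*['\"]?Secret['\"]?\s*$")
SECTION = re.compile(r"^(data|stringData):(.*)$")
ENTRY = re.compile(r"^(\s+)([^\s#][^:]*):")
# Constructed sample of rendered manifests, used when nothing is piped in.
SAMPLE = "---\nkind: Secret\ndata:\n  password: czNjcjN0\n---\nkind: ConfigMap\ndata:\n  mode: production\n"

def _redact_doc(lines):
    """Mask data/stringData values if this YAML document is a top-level Secret."""
    if not any(KIND_SECRET.match(line) for line in lines):
        return lines
    out, in_section, key_indent = [], False, None
    for line in lines:
        section = SECTION.match(line)
        if section:
            in_section, key_indent = True, None
            inline = f" {REDACTED}" if section.group(2).strip() else ""  # flow-style map
            out.append(f"{section.group(1)}:{inline}")
            continue
        if in_section:
            if line.strip() and not line[0].isspace() and not line.startswith("#"):
                in_section = False  # next top-level key ends the section
            else:
                entry = ENTRY.match(line)
                if entry and key_indent in (None, len(entry.group(1))):
                    key_indent = len(entry.group(1))
                    out.append(f"{entry.group(1)}{entry.group(2)}: {REDACTED}")
                continue  # block-scalar continuation lines are dropped
        out.append(line)
    return out

def redact_secrets(rendered):
    """Return Helm dry-run output with Secret values replaced by a marker."""
    out, doc = [], []
    for line in rendered.splitlines():
        if DOC_SEP.match(line):
            out += _redact_doc(doc) + [line]
            doc = []
        else:
            doc.append(line)
    out += _redact_doc(doc)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    sys.stdout.write(redact_secrets(SAMPLE if sys.stdin.isatty() else sys.stdin.read()))
```

In a pipeline the dry-run output is piped through the script before it reaches the job log. The filter covers only rendered Secret manifests; secret material templated into other resource kinds, or values printed by `--debug`, is not masked.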

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

Advisory Timeline

  • Published