How severe is CVE-2020-15185?

This vulnerability has a severity rating of LOW with a CVSS score of 2.7 out of 10.

What type of vulnerability is CVE-2020-15185?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2020-15185 - LOW Severity | CVSS 2.7

Vulnerability Description

In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software.

Related Vulnerabilities

CVE-2024-37253

LOW

CVSS:2.7(Low)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection.This issue affects WP Director...

CWE-742024

CVE-2024-6470

MEDIUM

CVSS:2.7(Low)

A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php?app=main&inc=feature_inboxgroup&op=list of the...

CWE-742024

CVE-2024-11954

MEDIUM

CVSS:2.4(Low)

A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cros...

CWE-742024

CVE-2015-7466

LOW

CVSS:3.1(Low)

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass inte...

CWE-742015

CVE-2016-8720

LOW

CVSS:3.1(Low)

An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can in...

CWE-742016

CVE-2022-29816

LOW

CVSS:3.2(Low)

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible

CWE-742022