CVE-2020-15186

LOW Year: 2020
CVSS v3 Score
2.7
Low
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm --help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range.

Related Vulnerabilities

CVE-2017-15136

LOW
CVSS:2.7(Low)

When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will ...

CWE-202017

CVE-2017-18382

LOW
CVSS:2.7(Low)

cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).

CWE-202017

CVE-2017-18393

LOW
CVSS:2.7(Low)

cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).

CWE-202017

CVE-2017-18394

LOW
CVSS:2.7(Low)

cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).

CWE-202017

CVE-2017-18395

LOW
CVSS:2.7(Low)

cPanel before 68.0.15 does not block a username of ssl (SEC-328).

CWE-202017

CVE-2017-18401

LOW
CVSS:2.7(Low)

cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).

CWE-202017