How severe is CVE-2021-32690?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2021-32690?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2021-32690 - HIGH Severity | CVSS 8.6

Vulnerability Description

Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This issue has been resolved in 3.6.1. There is a workaround through which one may check for improperly passed credentials. One may use a username and password for a Helm repository and may audit the Helm repository in order to check for another domain being used that could have received the credentials. In the `index.yaml` file for that repository, one may look for another domain in the `urls` list for the chart versions. If there is another domain found and that chart version was pulled or installed, the credentials would be passed on.

Related Vulnerabilities

CVE-2015-7932

HIGH

CVSS:8.6(High)

Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network.

CWE-2002015

CVE-2015-7934

HIGH

CVSS:8.6(High)

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.

CWE-2002015

CVE-2015-8555

HIGH

CVSS:8.6(High)

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains t...

CWE-2002015

CVE-2016-0904

HIGH

CVSS:8.6(High)

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to d...

CWE-2002016

CVE-2017-2317

HIGH

CVSS:8.6(High)

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause...

CWE-2002017

CVE-2018-16288

HIGH

CVSS:8.6(High)

LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.

CWE-2002018