CVE-2020-15184

LOW Year: 2020
CVSS v3 Score
2.7
Low
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters.

Related Vulnerabilities

CVE-2017-15136

LOW
CVSS:2.7(Low)

When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will ...

CWE-202017

CVE-2017-18382

LOW
CVSS:2.7(Low)

cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).

CWE-202017

CVE-2017-18393

LOW
CVSS:2.7(Low)

cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).

CWE-202017

CVE-2017-18394

LOW
CVSS:2.7(Low)

cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).

CWE-202017

CVE-2017-18395

LOW
CVSS:2.7(Low)

cPanel before 68.0.15 does not block a username of ssl (SEC-328).

CWE-202017

CVE-2017-18401

LOW
CVSS:2.7(Low)

cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).

CWE-202017