DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2019-25210

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-25210

CGA ID

CGA-8m4j-r6jg-jf5v

Summary

Helm shows secrets in clear text

Description

An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values).

References

  • https://images.chainguard.dev/security/CGA-8m4j-r6jg-jf5v
  • https://github.com/advisories/GHSA-jw44-4f3j-q396
  • https://nvd.nist.gov/vuln/detail/CVE-2019-25210
  • https://github.com/helm/helm/issues/7275
  • https://github.com/helm/helm
  • https://helm.sh/blog/response-cve-2019-25210
  • https://www.cncf.io/projects/helm

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation