x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-jw44-4f3j-q396 #2607

GoVulnBot · 2024-03-05T15:01:22Z

In GitHub Security Advisory GHSA-jw44-4f3j-q396, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
helm.sh/helm/v3		>= 3.0.0, <= 3.14.2

Cross references:

Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3/pkg/chartutil: GHSA-9vp5-m38w-j776 #817 NOT_IMPORTABLE
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3/pkg/plugin: GHSA-c52f-pq47-2r9j #820 NOT_IMPORTABLE
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3/pkg/repo: GHSA-jm56-5h66-w453 #851 NOT_IMPORTABLE
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3/pkg/plugin: GHSA-m54r-vrmv-hw33 #856 NOT_IMPORTABLE
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-q8q8-93cv-v6h8 #864 NOT_IMPORTABLE
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3/pkg/plugin/installer: GHSA-qq3j-xp49-j73f #868 NOT_IMPORTABLE
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-p5pc-m4q7-7qm9 #1938 EFFECTIVELY_PRIVATE
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-xrxm-mvqm-r553 #1948 EFFECTIVELY_PRIVATE
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-56hp-xqp3-w2jf #384
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in github.com/helm/helm: CVE-2022-36055 #962
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-c38g-469g-cmgx #1040
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-53c4-hhmh-vw5q #1165
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-67fx-wx78-jx33 #1166
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-6rx9-889q-vv2r #1167
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in github.com/helm/helm: CVE-2023-25165 #1547
Module helm.sh/helm/v3 appears in issue x/vulndb: potential Go vuln in github.com/helm/helm: CVE-2024-25620 #2554

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: helm.sh/helm/v3
      versions:
        - introduced: TODO (earliest fixed "", vuln range ">= 3.0.0, <= 3.14.2")
      packages:
        - package: helm.sh/helm/v3
summary: Helm shows secrets in clear text
cves:
    - CVE-2019-25210
ghsas:
    - GHSA-jw44-4f3j-q396
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2019-25210
    - report: https://github.com/helm/helm/issues/7275
    - web: https://www.cncf.io/projects/helm
    - advisory: https://github.com/advisories/GHSA-jw44-4f3j-q396

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-04-08T23:48:05Z

Change https://go.dev/cl/577398 mentions this issue: data/excluded: batch add 2 excluded reports

tatianab assigned maceonthompson Mar 5, 2024

maceonthompson added the excluded: NOT_A_VULNERABILITY This is not a vulnerability. label Mar 9, 2024

gopherbot closed this as completed in b9f311b Apr 17, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-jw44-4f3j-q396 #2607

x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-jw44-4f3j-q396 #2607

GoVulnBot commented Mar 5, 2024

gopherbot commented Apr 8, 2024

x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-jw44-4f3j-q396 #2607

x/vulndb: potential Go vuln in helm.sh/helm/v3: GHSA-jw44-4f3j-q396 #2607

Comments

GoVulnBot commented Mar 5, 2024

gopherbot commented Apr 8, 2024