Technosophos

Name of the Vulnerable Software and Affected Versions: Helm versions 3.0 through 3.5.2 Description: Helm, a tool for managing Charts in Kubernetes, has cases where data loaded from potentially untrusted sources was not properly sanitized. This includes invalid SemVer in the `version` field of a chart, unsanitized fields in Helm repository `index.yaml` files, `plugin.yaml` files for plugins, and `Chart.yaml` files. By exploiting these, attackers could send deceptive information to a terminal screen running the `helm` command, obscure or alter information on the screen, or execute higher-order logic like clearing a terminal screen. The issue affects Helm 3 and has been resolved by enforcing SemVer2 policies on version fields. Recommendations: For Helm versions 3.0 through 3.5.2, upgrade to version 3.5.2 or later to resolve the issue. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.

**Name of the Vulnerable Software and Affected Versions** Helm versions 3.0.0 through 3.1.2 **Description** There is an information disclosure issue in Helm. The `lookup` template function, introduced in Helm v3, can lookup resources in the cluster to check for the existence of specific resources and get details about them. This function circumvents the documented behavior of `helm template`, which states that it does not attach to a remote cluster. A malicious chart author could inject a `lookup` into a chart that, when rendered through `helm template`, performs unannounced lookups against the cluster a user's `KUBECONFIG` file points to. This information can then be disclosed via the output of `helm template`. **Recommendations** For Helm versions 3.0.0 through 3.1.2, update to Helm 3.2.0 to fix the issue. As a temporary workaround, consider running `helm lint` on an untrusted chart before running `helm template`, as it will fail with an error if the `lookup` function is used. Alternatively, set the `KUBECONFIG` environment variable to point to an empty Kubernetes configuration file to prevent unintended network connections. Manually analyze a chart for the presence of a `lookup` function in any file in the `templates/` directory to identify potential risks.

Name of the Vulnerable Software and Affected Versions: helm versions prior to 2.7.2 Description: The issue concerns improper certificate validation, allowing unauthorized clients to connect to the server because self-signed client certificates were allowed. A malicious client could exploit this by connecting to the server over the network. Recommendations: For versions prior to 2.7.2, update to version 2.7.2 to resolve the issue. As a temporary workaround, consider restricting access to the server to minimize the risk of exploitation by unauthorized clients.