Skip to main content

Helm CVE-2019-1010275

CRITICAL
Improper Certificate Validation (CWE-295)
2019-07-17 josh@bress.net
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 17, 2019 - 21:15 nvd
CRITICAL 9.8

DescriptionNVD

helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2.

AnalysisAI

helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-295. helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2. Affected products include: Helm. Version information: Before 2.7.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Helm

View all
CVE-2019-1000008 MEDIUM POC
6.5 Feb 04

All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restric

CVE-2019-18658 CRITICAL
9.8 Nov 12

In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opport

CVE-2020-11013 MEDIUM POC
5.0 Apr 24

Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. Rated medium sever

CVE-2021-32690 HIGH
8.6 Jun 16

Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). Rated high severity (CVSS 8.6), th

CVE-2025-53547 HIGH
8.5 Jul 08

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a s

CVE-2026-35205 HIGH
8.4 Apr 09

Helm 4.0.0 through 4.1.3 silently installs Kubernetes plugins without cryptographic provenance verification even when si

CVE-2026-35204 HIGH
8.4 Apr 09

Path traversal in Helm 4.0.0-4.1.3 allows local attackers to write arbitrary files during plugin installation or update

CVE-2023-25165 MEDIUM POC
4.3 Feb 08

Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template funct

CVE-2024-26147 HIGH
7.5 Feb 21

Helm is a package manager for Charts for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely expl

CVE-2022-23526 HIGH
7.5 Dec 15

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Rated high severity (CVSS 7.5), this vulnerabil

CVE-2022-23525 HIGH
7.5 Dec 15

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Rated high severity (CVSS 7.5), this vulnerabil

CVE-2022-23524 HIGH
7.5 Dec 15

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Rated high severity (CVSS 7.5), this vulnerabil

Share

CVE-2019-1010275 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy