What is CVE-2020-15185?

CVE-2020-15185 is a low-severity vulnerability in Helm, classified under Use of Multiple Resources with Duplicate Identifier. CVSS score: 2.2/10. Published 2020-09-17.

How severe is CVE-2020-15185?

Low severity. CVSS v3 base score is 2.2 out of 10.

Vulnerability in Helm

CVE-2020-15185

In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad ch…

EPSS: 0.002 (46.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.2 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N.

Affected products

Helm — versions >= 2.0.0, < 2.16.11, >= 3.0.0, < 3.3.2

Weakness classification (CWE)

References

github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453 (x_refsource_CONFIRM)
github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-15185?: CVE-2020-15185 is a low-severity vulnerability in Helm, classified under Use of Multiple Resources with Duplicate Identifier. CVSS score: 2.2/10. Published 2020-09-17.
How severe is CVE-2020-15185?: Low severity. CVSS v3 base score is 2.2 out of 10.