What is CVE-2020-15187?

CVE-2020-15187 is a low-severity vulnerability in Helm, classified under Use of Multiple Resources with Duplicate Identifier. CVSS score: 3.0/10. Published 2020-09-17.

How severe is CVE-2020-15187?

Low severity. CVSS v3 base score is 3.0 out of 10.

Vulnerability in Helm

CVE-2020-15187

In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's insta…

EPSS: 0.002 (41.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.0 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N.

Affected products

Helm — versions >= 2.0.0, < 2.16.11, >= 3.0.0, < 3.3.2

Weakness classification (CWE)

References

https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j (x_refsource_CONFIRM)
https://github.com/helm/helm/commit/6aab63765f99050b115f0aec3d6350c85e8da946 (x_refsource_MISC)
https://github.com/helm/helm/commit/ac7c07c37d87e09797f714fb57aa5e9cb99d9450 (x_refsource_MISC)
https://github.com/helm/helm/commit/b0296c0522e837d65f944beefa3fb64fd08ac304 (x_refsource_MISC)
https://github.com/helm/helm/commit/c8d6b01d72c9604e43ee70d0d78fadd54c2d8499 (x_refsource_MISC)
https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b (x_refsource_MISC)
https://github.com/helm/helm/commit/f2ede29480b507b7d8bb152dd8b6b86248b00658 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-15187?: CVE-2020-15187 is a low-severity vulnerability in Helm, classified under Use of Multiple Resources with Duplicate Identifier. CVSS score: 3.0/10. Published 2020-09-17.
How severe is CVE-2020-15187?: Low severity. CVSS v3 base score is 3.0 out of 10.