Helm Improper Certificate Validation
Critical severity
GitHub Reviewed
Published May 24, 2022 to the GitHub Advisory Database • Updated Aug 1, 2023
Description
Published by the National Vulnerability Database: Jul 17, 2019
Published to the GitHub Advisory Database: May 24, 2022
Reviewed: Aug 1, 2023
Last updated: Aug 1, 2023
Helm before 2.7.2 is affected by CWE-295: Improper Certificate Validation. Impact: unauthorized clients could connect to the server because self-signed client certificates were allowed. Component: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). Attack vector: a malicious client could connect to the server over the network. Fixed version: 2.7.2.
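Added example (not Helm's code and not taken from the linked pull request): Helm is written in Go, so this uses Go's crypto/tls to show the class of flaw described above, where a server policy that only requires a client certificate completes the handshake with an unknown self-signed one, while a policy that verifies against the server's ClientCAs pool rejects it. The certificate names, the loopback listener and the helpers `selfSigned` and `ServerHandshake` are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned returns a throwaway self-signed certificate (constructed sample data).
func selfSigned(cn string) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, BasicConstraintsValid: true, DNSNames: []string{cn}}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// ServerHandshake returns the server-side result for a client whose self-signed cert is not in ClientCAs.
func ServerHandshake(policy tls.ClientAuthType) error {
	srv, untrusted := selfSigned("server.test"), selfSigned("unknown-client")
	leaf, _ := x509.ParseCertificate(srv.Certificate[0])
	pool := x509.NewCertPool() // the only CA either side trusts
	pool.AddCert(leaf)
	sCfg := &tls.Config{Certificates: []tls.Certificate{srv}, ClientAuth: policy, ClientCAs: pool}
	// The client presents its certificate regardless of the server's acceptable-CA hint.
	send := func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return &untrusted, nil }
	cCfg := &tls.Config{RootCAs: pool, ServerName: "server.test", GetClientCertificate: send}
	ln, err := net.Listen("tcp", "127.0.0.1:0") // loopback only, ephemeral port
	if err != nil {
		return err
	}
	defer ln.Close()
	go tls.Dial("tcp", ln.Addr().String(), cCfg)
	conn, err := ln.Accept()
	if err != nil {
		return err
	}
	defer conn.Close()
	return tls.Server(conn, sCfg).Handshake()
}

func main() { fmt.Println(ServerHandshake(tls.RequireAnyClientCert), "|", ServerHandshake(tls.RequireAndVerifyClientCert)) }
```

When auditing a Go TLS server for this weakness, check that `ClientAuth` is `tls.RequireAndVerifyClientCert` and that `ClientCAs` contains only the CA that issues client certificates.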