CVE-2020-15187— Duplicate plugin entries in Helm
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-15187
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Duplicate plugin entries in Helm
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用多个具有重复标识的资源
Source: NVD (National Vulnerability Database)
Vulnerability Title
helm 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
helm是一款Kubernetes包管理器。 Helm 2.16.11 之前版本和3.3.2版本存在安全漏洞,攻击者可利用该漏洞发起本地攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2020-15187
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-15187
请登录查看更多情报信息。
- https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9jx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2020-15187
Same Patch Batch · helm · 2020-09-17 · 4 CVEs total
| CVE-2020-15184 | 3.7 LOW | Aliases are never checked in Helm |
| CVE-2020-15186 | 3.4 LOW | Improper sanitization of plugin names in Helm |
| CVE-2020-15185 | 2.2 LOW | Duplicated chart entries in Helm |
IV. Related Vulnerabilities
Same product: helm
- CVE-2026-35206
Helm Chart extraction output directory collapse via `Chart.y - CVE-2026-35205
Helm's plugin verification fails open when .prov is missing, - CVE-2026-35204
Helm has a path traversal in plugin metadata version enables - CVE-2026-25750
LangSmith Studio has URL Parameter Injection Vulnerability t - CVE-2025-55198
Helm May Panic Due To Incorrect YAML Content
Same vendor: helm
- CVE-2026-35206
Helm Chart extraction output directory collapse via `Chart.y - CVE-2026-35205
Helm's plugin verification fails open when .prov is missing, - CVE-2026-35204
Helm has a path traversal in plugin metadata version enables - CVE-2025-55198
Helm May Panic Due To Incorrect YAML Content - CVE-2025-55199
Helm Charts with Specific JSON Schema Values Can Cause Memor
Same weakness: CWE-694
- CVE-2026-5794
Vulnerability in Cryptobox allows an authenticated user to t - CVE-2025-13609
Keylime: keylime: registrar allows identity takeover via dup - CVE-2024-41146
Gallagher Controller 6000和Gallagher Controller 7000 安全漏洞 - CVE-2022-23721
PingID integration for Windows login duplicate username coll - CVE-2023-20100
Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Jo
V. Comments for CVE-2020-15187
No comments yet