In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software.
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Helm | Helm | 2.0.0 (including) | 2.16.11 (excluding) |
| Helm | Helm | 3.0.0 (including) | 3.3.2 (excluding) |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | acmesolver-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | acm-must-gather-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | acm-operator-bundle-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | application-ui-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | cainjector-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | cert-manager-controller-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | cert-manager-webhook-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | cert-policy-controller-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | clusterlifecycle-state-metrics-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | configmap-watcher-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | config-policy-controller-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | console-api-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | console-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | console-header-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | console-ui-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | endpoint-component-operator-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | endpoint-monitoring-operator-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | endpoint-operator-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | governance-policy-propagator-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | governance-policy-spec-sync-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | governance-policy-status-sync-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | governance-policy-template-sync-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | grafana-dashboard-loader-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | grc-ui-api-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | grc-ui-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | iam-policy-controller-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | klusterlet-addon-lease-controller-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | klusterlet-operator-bundle-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | kui-web-terminal-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | management-ingress-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | mcm-topology-api-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | mcm-topology-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | memcached-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | memcached-exporter-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | metrics-collector-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicloud-manager-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multiclusterhub-operator-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multiclusterhub-repo-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-observability-operator-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-operators-application-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-operators-channel-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-operators-deployable-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-operators-placementrule-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-operators-subscription-operator-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-operators-subscription-release-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | observatorium-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | observatorium-operator-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | openshift-hive-operator-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | rbac-query-proxy-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | rcm-controller-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | redisgraph-tls-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | registration-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | registration-operator-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | search-aggregator-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | search-api-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | search-collector-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | search-operator-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | search-ui-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | submariner-addon-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | thanos-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | thanos-receive-controller-container | * |
| Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | work-container | * |