Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2020-15187

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Published: Sep 17, 2020 | Modified: May 29, 2025
CVSS 3.x
4.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
4.7 MODERATE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Ubuntu
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2020-15187
CWEhttps://cwe.mitre.org/data/definitions/74.html

In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugins install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL.

Weakness

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Affected Software

NameVendorStart VersionEnd Version
HelmHelm2.0.0 (including)2.16.11 (excluding)
HelmHelm3.0.0 (including)3.3.2 (excluding)
Red Hat Advanced Cluster Management for Kubernetes 2RedHatacmesolver-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatacm-must-gather-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatacm-operator-bundle-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatapplication-ui-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatcainjector-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatcert-manager-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatcert-manager-webhook-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatcert-policy-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatclusterlifecycle-state-metrics-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconfigmap-watcher-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconfig-policy-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconsole-api-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconsole-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconsole-header-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconsole-ui-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatendpoint-component-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatendpoint-monitoring-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatendpoint-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgovernance-policy-propagator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgovernance-policy-spec-sync-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgovernance-policy-status-sync-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgovernance-policy-template-sync-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgrafana-dashboard-loader-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgrc-ui-api-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgrc-ui-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatiam-policy-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatklusterlet-addon-lease-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatklusterlet-operator-bundle-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatkui-web-terminal-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmanagement-ingress-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmcm-topology-api-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmcm-topology-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmemcached-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmemcached-exporter-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmetrics-collector-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticloud-manager-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticlusterhub-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticlusterhub-repo-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-observability-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-application-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-channel-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-deployable-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-placementrule-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-subscription-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-subscription-release-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatobservatorium-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatobservatorium-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatopenshift-hive-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatrbac-query-proxy-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatrcm-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatredisgraph-tls-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatregistration-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatregistration-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-aggregator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-api-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-collector-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-ui-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsubmariner-addon-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatthanos-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatthanos-receive-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatwork-container*

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use