Candidate: CVE-2019-1010275
PublicDate: 2019-07-17 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010275
 https://github.com/helm/helm/pull/3152
 https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50
 https://github.com/helm/helm/releases/tag/v2.7.2
Description:
 helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation.
 The impact is: Unauthorized clients could connect to the server because
 self-signed client certs were aloowed. The component is: helm (many files
 updated, see
 https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50).
 The attack vector is: A malicious client could connect to the server over
 the network. The fixed version is: 2.7.2.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_helm:
upstream_helm: needs-triage
precise/esm_helm: DNE
trusty_helm: ignored (out of standard support)
trusty/esm_helm: DNE
xenial_helm: ignored (end of standard support, was needs-triage)
bionic_helm: needs-triage
disco_helm: ignored (reached end-of-life)
eoan_helm: ignored (reached end-of-life)
focal_helm: needs-triage
groovy_helm: ignored (reached end-of-life)
hirsute_helm: ignored (reached end-of-life)
impish_helm: needs-triage
jammy_helm: needs-triage
devel_helm: needs-triage