{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T23:36:56.739","vulnerabilities":[{"cve":{"id":"CVE-2020-15185","sourceIdentifier":"security-advisories@github.com","published":"2020-09-17T22:15:12.443","lastModified":"2024-11-21T05:05:01.830","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software."},{"lang":"es","value":"En Helm versiones anteriores a 2.16.11 y 3.3.2, un repositorio de Helm puede contener duplicados del mismo gráfico, y siempre se usa el último. Si un repositorio está comprometido, esto reduce el nivel de acceso que necesita un atacante para inyectar un gráfico incorrecto en un repositorio. Para llevar a cabo este ataque, un atacante necesita tener acceso de escritura al archivo de index (lo que puede ocurrir durante un ataque MITM en una conexión no SSL). Este problema ha sido corregido en Helm versiones 3.3.2 y 2.16.11. Una posible solución es revisar manualmente el archivo  index en la caché del repositorio de Helm antes de instalar el software"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.2,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-694"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.16.11","matchCriteriaId":"455BCCE5-1D43-4E59-9591-E84B52DAAF0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.3.2","matchCriteriaId":"B462D769-3FC0-4079-8B48-863F013662EF"}]}]}],"references":[{"url":"https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}