
CVE-2019-25210: Helm shows secrets in clear text

CVSS Score (v3.1): 6.5

Basic Information

EPSS Score: 0.33036%
Published: 3/3/2024
Updated: 2/11/2025
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name: helm.sh/helm/v3
Ecosystem: go
Vulnerable Versions: >= 3.0.0, <= 3.14.2
First Patched Version: (not listed)

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from Helm's intentional design of outputting the full rendered manifest data during --dry-run executions. Key functions were identified through architectural analysis:

  1. Install/Upgrade actions (install.go/upgrade.go) directly handle --dry-run flag processing.
  2. Manifest rendering logic (manifest.go) outputs raw secret values.
  3. Confidence is high for the action handlers because of their direct association with the --dry-run flag, and medium for renderResources because locating the secret-handling logic requires deeper code analysis.

While exact line numbers aren't available, these components are central to the dry-run manifest generation process that exposes secrets.

WAF Protection Rules

WAF Rule

An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's positi
