CVE-2019-25210: Helm shows secrets in clear text
CVSS Score: 6.5 (CVSS 3.1)
Basic Information
CVE ID: CVE-2019-25210
GHSA ID
EPSS Score: 0.33036%
CWE
Published: 3/3/2024
Updated: 2/11/2025
KEV Status: No
Technology: Go
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
helm.sh/helm/v3 | go | >= 3.0.0, <= 3.14.2 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from Helm's intentional design to output full manifest data during --dry-run executions. Key functions were identified through architectural analysis:
- Install/Upgrade actions (install.go/upgrade.go) directly handle --dry-run flag processing
- Manifest rendering logic (manifest.go) outputs raw secret values
- Confidence is high for the action handlers because they are directly associated with the dry-run flag, and medium for renderResources because locating the secret-handling logic requires deeper code analysis.

While exact line numbers aren't available, these components are central to the dry-run manifest generation process that exposes secrets.
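
A defensive filter for the behaviour described above, as an added example (not Helm's code and not part of this advisory): it masks the values of Secret objects in rendered manifest text before that output is stored or displayed. The function names, the `<REDACTED>` marker and the sample manifest are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample shaped like the manifest part of `helm --dry-run` output.
const sample = "---\nkind: Secret\ndata:\n  password: c3VwZXJzZWNyZXQ=\nstringData:\n  cfg: |\n    token=abc123\n" +
	"---\nkind: ConfigMap\ndata:\n  mode: debug\n"

// RedactSecrets masks the values under the top-level data: and stringData: keys of
// every "kind: Secret" document. Assumption: block-style YAML, scanned line by line.
func RedactSecrets(manifest string) string {
	docs := strings.Split(manifest, "\n---")
	for i, doc := range docs {
		if strings.Contains("\n"+doc+"\n", "\nkind: Secret\n") {
			docs[i] = redactDoc(doc)
		}
	}
	return strings.Join(docs, "\n---")
}

func redactDoc(doc string) string {
	var out []string
	inData, keyIndent := false, -1
	for _, line := range strings.Split(doc, "\n") {
		indent := len(line) - len(strings.TrimLeft(line, " "))
		switch {
		case strings.TrimSpace(line) == "": // blank line: keep, state unchanged
		case indent == 0: // a top-level key opens or closes the sensitive block
			inData = strings.HasPrefix(line, "data:") || strings.HasPrefix(line, "stringData:")
			keyIndent = -1
		case inData:
			if keyIndent < 0 {
				keyIndent = indent // indentation of the first key in the block
			}
			if indent > keyIndent {
				continue // continuation of a multi-line value: drop it
			}
			if key, _, ok := strings.Cut(line, ":"); ok {
				line = key + ": <REDACTED>"
			}
		}
		out = append(out, line)
	}
	return strings.Join(out, "\n")
}

func main() { fmt.Print(RedactSecrets(sample)) }
```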