CVE-2019-1000009: Path Traversal
First published: Mon Feb 04 2019(Updated: )
Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack appears to be exploitable via A POST request to the HTTP API can save a chart archive outside of the intended directory. If authentication is, optionally, enabled this requires an authorized user to do so. This vulnerability appears to have been fixed in 0.8.1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Helm ChartMuseum | >=0.1.0<0.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for Helm ChartMuseum?
The vulnerability ID for Helm ChartMuseum is CVE-2019-1000009.
What is the severity of CVE-2019-1000009?
The severity of CVE-2019-1000009 is medium (6.5).
What is the CWE ID for CVE-2019-1000009?
The CWE ID for CVE-2019-1000009 is CWE-22.
What is the affected software for CVE-2019-1000009?
The affected software for CVE-2019-1000009 is Helm ChartMuseum version >=0.1.0 and < 0.8.1.
How can I fix the vulnerability in Helm ChartMuseum?
To fix the vulnerability in Helm ChartMuseum, update to a version >= 0.8.1 or apply any patches provided by the vendor.
- collector/nvd-index
- agent/severity
- agent/references
- agent/event
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/helm
- canonical/helm chartmuseum
- version/helm chartmuseum/0.1.0