CVE-2024-26147

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 21, 2024
Updated: Jan 9, 2025
CWE ID 908 (Use of Uninitialized Resource)
CWE ID 457 (Use of Uninitialized Variable)

Summary

CVE-2024-26147 is a vulnerability affecting Helm, the package manager for Kubernetes Charts, prior to version 3.14.2. The issue stems from an uninitialized variable in Helm's handling of index and plugin YAML files that are missing their metadata. When such a file is encountered, Helm panics, so the calling Helm client function fails. The affected code paths are the functions for adding a repository and, if a malicious plugin is present, all Helm functions. Helm SDK users can mitigate the issue by using `recover` to catch panics in the affected functions. Helm v3.14.2 fixes the issue, and users are advised to upgrade as soon as possible. If a malicious plugin has already been added, it can be removed manually from the filesystem.
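The `recover`-based mitigation described above, as an added example that is not Helm's own code: the `PluginFile` and `PluginMetadata` types and the `describeUnchecked` function are constructed stand-ins for a parsed plugin.yaml whose metadata block is missing, and `guard` shows how an SDK caller turns the resulting panic into an ordinary error.

```go
package main

import (
	"errors"
	"fmt"
)

// PluginMetadata is a constructed stand-in for the metadata block a plugin
// or index YAML file is expected to carry; it is not Helm's own type.
type PluginMetadata struct {
	Name    string
	Version string
}

// PluginFile models a parsed plugin.yaml (hypothetical type, not Helm's).
// A file with no metadata block leaves Metadata nil, which mirrors the
// uninitialized-variable pattern behind CVE-2024-26147.
type PluginFile struct {
	Metadata *PluginMetadata
}

// describeUnchecked dereferences Metadata without a nil check, so a file
// with missing metadata panics, which is the failure the advisory describes.
func describeUnchecked(p PluginFile) string {
	return p.Metadata.Name + "@" + p.Metadata.Version
}

// ErrPanicked is returned when a guarded call panicked instead of returning.
var ErrPanicked = errors.New("guarded call panicked")

// guard runs fn and converts any panic into a returned error. This is the
// recover-based mitigation the advisory recommends for Helm SDK users.
func guard(fn func() (string, error)) (out string, err error) {
	defer func() {
		if r := recover(); r != nil {
			out = ""
			err = fmt.Errorf("%w: %v", ErrPanicked, r)
		}
	}()
	return fn()
}

// Describe is the guarded entry point callers should use instead of
// calling the unchecked function directly.
func Describe(p PluginFile) (string, error) {
	return guard(func() (string, error) { return describeUnchecked(p), nil })
}

func main() {
	good := PluginFile{Metadata: &PluginMetadata{Name: "example", Version: "0.1.0"}}
	bad := PluginFile{} // constructed sample: metadata block missing
	fmt.Println(Describe(good))
	fmt.Println(Describe(bad))
}
```

The second call returns an error wrapping `ErrPanicked` rather than crashing the process, which is what lets a long-running SDK consumer keep serving other requests.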
