CVE-2019-25210 Information

Description

An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases such as a --dry-run call by a CI/CD tool. NOTE: the vendor’s position is that this behavior was introduced intentionally and cannot be removed without breaking backwards compatibility (some users may be relying on these values).
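
A CI/CD job can keep these values out of its logs by filtering the dry-run output before it is printed. The Python filter below is an added example, not Helm code or a vendor-provided fix; the function names, the REDACTED marker and the sample output are constructed, and it assumes the rendered manifests are YAML documents separated by --- lines.

```python
import re

# Top-level "kind: Secret" line of a rendered manifest (quotes optional).
KIND_SECRET = re.compile(r'kind:\s*["\']?Secret["\']?\s*(#.*)?')
SENSITIVE = re.compile(r'(data|stringData):')  # keys holding secret values

def redact_document(lines):
    """Mask values under data/stringData if this YAML document is a Secret."""
    if not any(KIND_SECRET.fullmatch(l) for l in lines):
        return lines
    out, in_block, entry_indent = [], False, None
    for line in lines:
        if not line.strip() or (line[0].isspace() and not in_block):
            out.append(line)
        elif not line[0].isspace():              # top-level key or comment
            m = SENSITIVE.match(line)
            in_block, entry_indent = bool(m), None
            if m and line[m.end():].strip():     # flow style: data: {k: v}
                line = m.group(0) + " REDACTED"
            out.append(line)
        else:                                    # indented line in data block
            indent = len(line) - len(line.lstrip())
            entry_indent = entry_indent or indent
            if indent == entry_indent and ":" in line:
                out.append(line.split(":", 1)[0] + ": REDACTED")
            # deeper lines continue a multi-line secret value: drop them
    return out

def redact_dry_run(text):
    """Redact every Secret document in dry-run output (hypothetical helper)."""
    docs = re.split(r'(?m)^---[ \t]*$', text)    # YAML document separators
    return "---".join("\n".join(redact_document(d.split("\n"))) for d in docs)

# Constructed sample of rendered manifests; chart name and values are made up.
SAMPLE = """\
# Source: demo/templates/secret.yaml
apiVersion: v1
stringData:
  password: hunter2-constructed
  tls.key: |
    constructed-key-material
kind: Secret
---
kind: ConfigMap
data:
  mode: production
"""
```

The filter only masks data and stringData in documents of kind Secret; a secret value rendered into another resource, such as a container environment variable, passes through unchanged.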

Reference

https://github.com/helm/helm/issues/7275
https://www.cncf.io/projects/helm/
