Oval Definition:	oval:org.opensuse.security:def:202015184
Revision Date: 2022-08-07 Version: 1 Title: CVE-2020-15184 Description: In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters. Family: unix Class: vulnerability Status: Reference(s): CVE-2020-15184 SUSE-CU-2020:555-1 SUSE-CU-2020:556-1 Mitre CVE-2020-15184 SUSE CVE-2020-15184 SUSE-CU-2020:555-1 SUSE-CU-2020:556-1 SUSE-CU-2020:783-1 SUSE-CU-2020:785-1 SUSE-CU-2020:788-1 SUSE-CU-2020:789-1 SUSE-CU-2020:791-1 SUSE-CU-2020:793-1 SUSE-SU-2020:3760-1 Platform(s): SUSE CaaS Platform 4.0 SUSE CaaS Platform 4.5 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Public Cloud 15 SP3 SUSE Linux Enterprise Module for Public Cloud 15 SP4 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.2 SUSE Manager Server 4.3 Product(s): Definition Synopsis SUSE CaaS Platform 4.5 is installed AND Package Information caasp-release-4.5.1-1.5.2 is installed OR helm3-3.3.3-3.5.2 is installed OR skuba-2.1.6-3.5.2 is installed OR skuba-update-2.1.6-3.5.2 is installed Definition Synopsis Release Information SUSE Linux Enterprise Module for Containers 15 SP1 is installed AND kubernetes-client-1.17.13-4.21.2 is installed OR kubernetes-common-1.17.13-4.21.2 is installed OR Package Information SUSE CaaS Platform 4.0 is installed AND caasp-release-4.2.4-24.36.1 is installed OR cri-o-1.16.1-3.37.3 is installed OR cri-o-kubeadm-criconfig-1.16.1-3.37.3 is installed OR etcdctl-3.4.13-4.15.1 is installed OR helm-2.16.12-3.10.1 is installed OR helm3-3.3.3-1.3.1 is installed OR kubernetes-client-1.17.13-4.21.2 is installed OR kubernetes-common-1.17.13-4.21.2 is installed OR kubernetes-kubeadm-1.17.13-4.21.2 is installed OR kubernetes-kubelet-1.17.13-4.21.2 is installed OR skuba-1.4.11-3.49.2 is installed OR skuba-update-1.4.11-3.49.2 is installed OR terraform-provider-aws-2.59.0-1.6.1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Module for Public Cloud 15 SP3 is installed AND terraform-provider-aws is not affected OR Package Information SUSE Linux Enterprise Module for Containers 15 SP1 is installed AND kubernetes-client-1.17.13-4.21.2 is installed OR kubernetes-common-1.17.13-4.21.2 is installed Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 15 SP3 is installed OR SUSE Linux Enterprise Module for Public Cloud 15 SP3 is installed OR SUSE Linux Enterprise Server 15 SP3 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed OR SUSE Linux Enterprise Storage 7.1 is installed OR SUSE Manager Proxy 4.2 is installed OR SUSE Manager Retail Branch Server 4.2 is installed OR SUSE Manager Server 4.2 is installed AND terraform-provider-aws is not affected Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 15 SP1 is installed OR SUSE Linux Enterprise Module for Containers 15 SP1 is installed OR SUSE Linux Enterprise Server 15 SP1 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed OR SUSE Linux Enterprise Storage 6 is installed OR SUSE Manager Proxy 4.0 is installed OR SUSE Manager Retail Branch Server 4.0 is installed OR SUSE Manager Server 4.0 is installed AND kubernetes-client-1.17.13-4.21.2 is installed OR kubernetes-common-1.17.13-4.21.2 is installed OR Package Information SUSE CaaS Platform 4.0 is installed AND caasp-release-4.2.4-24.36.1 is installed OR cri-o-1.16.1-3.37.3 is installed OR cri-o-kubeadm-criconfig-1.16.1-3.37.3 is installed OR etcdctl-3.4.13-4.15.1 is installed OR helm-2.16.12-3.10.1 is installed OR helm3-3.3.3-1.3.1 is installed OR kubernetes-client-1.17.13-4.21.2 is installed OR kubernetes-common-1.17.13-4.21.2 is installed OR kubernetes-kubeadm-1.17.13-4.21.2 is installed OR kubernetes-kubelet-1.17.13-4.21.2 is installed OR skuba-1.4.11-3.49.2 is installed OR skuba-update-1.4.11-3.49.2 is installed OR terraform-provider-aws-2.59.0-1.6.1 is installed Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 15 SP1 is installed OR SUSE Linux Enterprise Module for Containers 15 SP1 is installed OR SUSE Linux Enterprise Server 15 SP1 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed OR SUSE Linux Enterprise Storage 6 is installed OR SUSE Manager Proxy 4.0 is installed OR SUSE Manager Retail Branch Server 4.0 is installed OR SUSE Manager Server 4.0 is installed AND Package Information kubernetes-client-1.17.13-4.21.2 is installed OR kubernetes-common-1.17.13-4.21.2 is installed Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 15 SP4 is installed OR SUSE Linux Enterprise Module for Public Cloud 15 SP4 is installed OR SUSE Linux Enterprise Server 15 SP4 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed OR SUSE Manager Proxy 4.3 is installed OR SUSE Manager Retail Branch Server 4.3 is installed OR SUSE Manager Server 4.3 is installed AND terraform-provider-aws is not affected
BACK