top | item 44507439

(no title)

So the attack vector is:

- You have access to my file system

- You have access to the helm repository

You place malicious binaries outside the helm directory. Helm will now execute malicious code through the helm chart pointing outside the helm directory.

Don't I have already bigger problems if you have access to my file system to place there malicious code?

Is the danger here that one can get an execute permission? But if you can manipulate my helm chart why can you not also place the malicious code in the helm directory?

discuss

romaaeterna|7 months ago

> You place malicious binaries outside the helm directory

No, helm is the one doing this part in the vuln. Chart.lock is made a symlink to some important file, and helm will happily write to it.

Joker_vD|7 months ago

Yeah, there is a rather strong "downloading and executing arbitrary code from the Internet may lead to execution of arbitrary code" kind of vibe there.

captn3m0|7 months ago

Starting on the other side of the airtight hatchway: https://devblogs.microsoft.com/oldnewthing/20221004-00/?p=10...

nijave|7 months ago

Seems the normal mitigations apply i.e. validate with hash or save a local copy. Validate new versions before adopting

steveBK123|7 months ago

And yet you just described the behavior of many mid-size company "DevOps" departments.

nimih|7 months ago

> But if you can manipulate my helm chart why can you not also place the malicious code in the helm directory?

If you can manipulate my helm chart, why not just do the RCE directly in my kubernetes cluster or whatever?

unknown|7 months ago

[deleted]