Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-25165

Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.6%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2023-25165
  • Helm » Helm » Version: 3.0.0
    cpe:2.3:a:helm:helm:3.0.0
  • Helm » Helm » Version: 3.0.1
    cpe:2.3:a:helm:helm:3.0.1
  • Helm » Helm » Version: 3.0.2
    cpe:2.3:a:helm:helm:3.0.2
  • Helm » Helm » Version: 3.0.3
    cpe:2.3:a:helm:helm:3.0.3
  • Helm » Helm » Version: 3.1.0
    cpe:2.3:a:helm:helm:3.1.0
  • Helm » Helm » Version: 3.1.1
    cpe:2.3:a:helm:helm:3.1.1
  • Helm » Helm » Version: 3.1.2
    cpe:2.3:a:helm:helm:3.1.2
  • Helm » Helm » Version: 3.1.3
    cpe:2.3:a:helm:helm:3.1.3
  • Helm » Helm » Version: 3.10.0
    cpe:2.3:a:helm:helm:3.10.0
  • Helm » Helm » Version: 3.10.1
    cpe:2.3:a:helm:helm:3.10.1
  • Helm » Helm » Version: 3.10.2
    cpe:2.3:a:helm:helm:3.10.2
  • Helm » Helm » Version: 3.10.3
    cpe:2.3:a:helm:helm:3.10.3
  • Helm » Helm » Version: 3.11.0
    cpe:2.3:a:helm:helm:3.11.0
  • Helm » Helm » Version: 3.2.0
    cpe:2.3:a:helm:helm:3.2.0
  • Helm » Helm » Version: 3.2.1
    cpe:2.3:a:helm:helm:3.2.1
  • Helm » Helm » Version: 3.2.2
    cpe:2.3:a:helm:helm:3.2.2
  • Helm » Helm » Version: 3.2.3
    cpe:2.3:a:helm:helm:3.2.3
  • Helm » Helm » Version: 3.2.4
    cpe:2.3:a:helm:helm:3.2.4
  • Helm » Helm » Version: 3.3.0
    cpe:2.3:a:helm:helm:3.3.0
  • Helm » Helm » Version: 3.3.1
    cpe:2.3:a:helm:helm:3.3.1
  • Helm » Helm » Version: 3.3.2
    cpe:2.3:a:helm:helm:3.3.2
  • Helm » Helm » Version: 3.3.3
    cpe:2.3:a:helm:helm:3.3.3
  • Helm » Helm » Version: 3.3.4
    cpe:2.3:a:helm:helm:3.3.4
  • Helm » Helm » Version: 3.4.0
    cpe:2.3:a:helm:helm:3.4.0
  • Helm » Helm » Version: 3.4.1
    cpe:2.3:a:helm:helm:3.4.1
  • Helm » Helm » Version: 3.4.2
    cpe:2.3:a:helm:helm:3.4.2
  • Helm » Helm » Version: 3.5.0
    cpe:2.3:a:helm:helm:3.5.0
  • Helm » Helm » Version: 3.5.1
    cpe:2.3:a:helm:helm:3.5.1
  • Helm » Helm » Version: 3.5.2
    cpe:2.3:a:helm:helm:3.5.2
  • Helm » Helm » Version: 3.5.3
    cpe:2.3:a:helm:helm:3.5.3
  • Helm » Helm » Version: 3.5.4
    cpe:2.3:a:helm:helm:3.5.4
  • Helm » Helm » Version: 3.6.0
    cpe:2.3:a:helm:helm:3.6.0
  • Helm » Helm » Version: 3.6.1
    cpe:2.3:a:helm:helm:3.6.1
  • Helm » Helm » Version: 3.6.2
    cpe:2.3:a:helm:helm:3.6.2
  • Helm » Helm » Version: 3.6.3
    cpe:2.3:a:helm:helm:3.6.3
  • Helm » Helm » Version: 3.7.0
    cpe:2.3:a:helm:helm:3.7.0
  • Helm » Helm » Version: 3.7.1
    cpe:2.3:a:helm:helm:3.7.1
  • Helm » Helm » Version: 3.7.2
    cpe:2.3:a:helm:helm:3.7.2
  • Helm » Helm » Version: 3.8.0
    cpe:2.3:a:helm:helm:3.8.0
  • Helm » Helm » Version: 3.8.1
    cpe:2.3:a:helm:helm:3.8.1
  • Helm » Helm » Version: 3.8.2
    cpe:2.3:a:helm:helm:3.8.2
  • Helm » Helm » Version: 3.9.0
    cpe:2.3:a:helm:helm:3.9.0
  • Helm » Helm » Version: 3.9.1
    cpe:2.3:a:helm:helm:3.9.1
  • Helm » Helm » Version: 3.9.2
    cpe:2.3:a:helm:helm:3.9.2
  • Helm » Helm » Version: 3.9.3
    cpe:2.3:a:helm:helm:3.9.3
  • Helm » Helm » Version: 3.9.4
    cpe:2.3:a:helm:helm:3.9.4


Products
Pricing
Contact Us

Shodan ® - All rights reserved