Vulnerability details: VCID-9qu2-n6vn-aaar
Vulnerability ID VCID-9qu2-n6vn-aaar
Aliases CVE-2023-25165
GHSA-pwcw-6f5g-gxf8
Summary Helm is a tool that streamlines installing and managing Kubernetes applications. `getHostByName` is a Helm template function introduced in Helm v3. The function accepts a hostname and returns an IP address for that hostname. To get the IP address, the function performs a DNS lookup. The DNS lookup happens when the function is used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to look up the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm, verify that the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
cvssv3 4.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25165.json
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-25165
epss 0.00142 https://api.first.org/data/v1/epss?cve=CVE-2023-25165
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2023-25165
epss 0.00225 https://api.first.org/data/v1/epss?cve=CVE-2023-25165
epss 0.00767 https://api.first.org/data/v1/epss?cve=CVE-2023-25165
cvssv3.1 4.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://github.com/helm/helm
generic_textual HIGH https://github.com/helm/helm
cvssv3.1 4.3 https://github.com/helm/helm/commit/293b50c65d4d56187cd4e2f390f0ada46b4c4737
generic_textual MODERATE https://github.com/helm/helm/commit/293b50c65d4d56187cd4e2f390f0ada46b4c4737
cvssv3.1 4.3 https://github.com/helm/helm/commit/5abcf74227bfe8e5a3dbf105fe62e7b12deb58d2
generic_textual MODERATE https://github.com/helm/helm/commit/5abcf74227bfe8e5a3dbf105fe62e7b12deb58d2
ssvc Track https://github.com/helm/helm/commit/5abcf74227bfe8e5a3dbf105fe62e7b12deb58d2
cvssv3.1 4.3 https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8
generic_textual MODERATE https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8
ssvc Track https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8
cvssv3 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-25165
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-25165
cvssv3.1 4.3 https://pkg.go.dev/vuln/GO-2023-1547
generic_textual MODERATE https://pkg.go.dev/vuln/GO-2023-1547
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25165.json
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/helm/helm
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/helm/helm/commit/293b50c65d4d56187cd4e2f390f0ada46b4c4737
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/helm/helm/commit/5abcf74227bfe8e5a3dbf105fe62e7b12deb58d2
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:09Z/ Found at https://github.com/helm/helm/commit/5abcf74227bfe8e5a3dbf105fe62e7b12deb58d2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:09Z/ Found at https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-25165
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://pkg.go.dev/vuln/GO-2023-1547
Exploit Prediction Scoring System (EPSS)
Percentile 0.25858
EPSS Score 0.00058
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.