CVSS 10.0 · CRITICAL

CVE-2026-45131

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens without requiring maintainer approval. This issue has been patched via commit fcf9302.

View on NVD

Analysis

This vulnerability in CloudPirates' Helm Charts allows an attacker to execute arbitrary code through a malicious pull request in GitHub Actions. The flaw exposes critical repository secrets, such as Docker Hub credentials and access tokens, enabling full compromise of the software supply chain. Updating is essential to protect CI/CD pipelines and deployment infrastructure.
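The advisory does not reproduce pull-request.yaml or say how the workflow became privileged; the checker below is an added example (not the project's code) and assumes the common way this class of bug arises, a pull_request_target trigger that checks out the PR head and runs it next to repository secrets. Both workflow texts and the DOCKERHUB_TOKEN secret name are constructed for illustration.

```python
import re

# Constructed sample workflows for illustration. The advisory does not
# reproduce the real pull-request.yaml, so neither text is the project's file.
VULNERABLE_WORKFLOW = """\
name: pr
on:
  pull_request_target:          # runs with the base repo's token and secrets
    types: [opened, synchronize]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # fork-controlled code
      - run: make lint          # executes whatever the PR changed
        env:
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
"""

HARDENED_WORKFLOW = """\
name: pr
on:
  pull_request:                 # fork PRs get a read-only token and no secrets
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make lint
"""


def risky_patterns(workflow_text):
    """Heuristic text scan of one workflow; returns findings (empty when clean)."""
    privileged = re.search(r"\bpull_request_target\b", workflow_text) is not None
    head_checkout = re.search(r"github\.event\.pull_request\.head\.(sha|ref)", workflow_text) is not None
    uses_secrets = re.search(r"\$\{\{\s*secrets\.", workflow_text) is not None
    findings = []
    if privileged and head_checkout:
        findings.append("pull_request_target checks out the PR head: fork code runs with a write token")
        if uses_secrets:
            findings.append("repository secrets are passed to a job that runs that fork code")
    return findings


if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, risky_patterns(text) or ["no findings"])
```

Run it over the files under .github/workflows/ to triage; a real audit should also review any job that exposes secrets after a pull_request_target trigger, since the scan only catches the explicit head checkout.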

Relevant roles

Kubernetes, Docker, Cloud, CyberSecurity, Backend

Severity

Score: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: NONE
Weakness type (CWE): CWE-94

EPSS

No EPSS score yet (very recent CVE).


Published: 1/6/2026, 17:17:08
Last modified: 1/6/2026, 18:14:29

References
