←back to thread

Helm local code execution via a malicious chart

(github.com)
171 points irke882 | 1 comments | 09 Jul 25 05:49 UTC | HN request time: 0.488s | source
Show context
Sjoerd ◴[09 Jul 25 07:02 UTC] No.44507062[source]
What is the attack scenario here? Where are the security boundaries? How does the attacker gets their repository with a symlink in it to the victim? Is Helm typically run as a privileged user? How would this work? And why doesn't the vulnerability description give answers to these questions?
replies(3): >>44508183 #>>44509972 #>>44515929 #
1. xyst ◴[09 Jul 25 13:44 UTC] No.44509972[source]
Questions like this make me wonder if "hacker" news needs a rebranding.

Basic tech news?

Capitalist news?

Vulture Capitalist news?