CRITICAL🇵🇱 Wersja polska

CVE-2026-45132

CVSS 10.0v3.1pub. 2026-06-01

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposes sensitive credentials (Personal Access Token and SSH signing key) to fork-controlled code due to unsafe checkout and credential handling practices. This issue has been patched via commit fcf9302.

🤖 AI Analysis
How it works

The generate-schema.yaml workflow performs code checkout in an unsafe manner, failing to properly isolate the execution environment from code originating from external repository forks. As a result, code submitted by an attacker via a pull request from a fork gains access to environment variables containing Personal Access Token (PAT) and SSH signing key. The attacker can thus obtain these credentials during CI/CD pipeline execution.

Impact

An attacker can seize the Personal Access Token and SSH key assigned to the repository, enabling unauthorized access to associated resources, code modification, or compromise of the software supply chain integrity.

Mitigation & patch

The repository should be updated to the version containing commit fcf9302 (fcf930211604652aec15085895b6457bc8b73b54), which introduces a fix for secure credential handling in GitHub Actions workflows. Details available in vendor references (GHSA-r874-j8fr-x2pj).

Who is affected

CloudPirates Open Source Helm Charts – all versions before commit fcf930211604652aec15085895b6457bc8b73b54

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
CI/CD
CWE
References