| > What is the attack scenario here? Given the details in the article, I think even something as simple a templating a chart from a repository might be vuln., but it likely depends on a lot of exact specifics. > Where are the security boundaries? I expect templating does not result in LCE. > How does the attacker gets their repository with a symlink in it to the victim? The attacker owns the repository. They can serve whatever maliciousness in it they want. But should templating a malicious chart result in LCE? > Is Helm typically run as a privileged user? Enough so, yes, because the rendered result is often pushed to a k8s cluster. "Privileged" here might not be "root", but it might be "this user has k8s API access". Imagine, e.g., that the attacker's LCE here might be "push ~/.kube to attacker". > And why doesn't the vulnerability description give answers to these questions? Familiarity with the tools involved is an normal assumption. |