Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 03 Jun 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Cloudpirates-io
Cloudpirates-io helm-charts |
|
| Vendors & Products |
Cloudpirates-io
Cloudpirates-io helm-charts |
Mon, 01 Jun 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 01 Jun 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens without requiring maintainer approval. This issue has been patched via commit fcf9302. | |
| Title | CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests | |
| Weaknesses | CWE-94 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-06-01T19:06:45.455Z
Reserved: 2026-05-08T20:08:17.209Z
Link: CVE-2026-45131
Updated: 2026-06-01T19:06:33.153Z
Status : Deferred
Published: 2026-06-01T17:17:08.450
Modified: 2026-06-01T18:14:29.087
Link: CVE-2026-45131
No data.
OpenCVE Enrichment
Updated: 2026-06-02T20:54:15Z