Tiller Helm component is deployed
Severity | Exploitability | Providers | Categories |
---|---|---|---|
CRITICAL | MEDIUM | Kubernetes | OTHER |
Description
The Tiller Helm component served as a server component prior to Helm v3, enabling communication between the Helm client and the cluster.
However, Tiller Helm been deprecated since Helm v3 and should no longer be used.
Its removal has resulted in a simplified security model that directly integrates with Kubernetes' modern security, identity, and authorization mechanisms.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
Tiller Helm is no longer maintained and could introduce security vulnerabilities.
Remediation guidelines
Upgrade Helm to v3.