Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
References
Link | Resource |
---|---|
https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ | Exploit Third Party Advisory |
https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7 | Exploit Third Party Advisory |
https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ | Exploit Third Party Advisory |
https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ - Exploit, Third Party Advisory | |
References | () https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7 - Exploit, Third Party Advisory |
07 Aug 2024, 15:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:* | |
First Time |
Argoproj
Argoproj argo Cd |
Information
Published : 2022-02-04 21:15
Updated : 2024-11-21 06:50
NVD link : CVE-2022-24348
Mitre link : CVE-2022-24348
CVE.ORG link : CVE-2022-24348
JSON object : View
Products Affected
argoproj
- argo_cd
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')