CVE-2022-24348

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*
cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:50

Type Values Removed Values Added
References () https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ - Exploit, Third Party Advisory () https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ - Exploit, Third Party Advisory
References () https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7 - Exploit, Third Party Advisory () https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7 - Exploit, Third Party Advisory

07 Aug 2024, 15:43

Type Values Removed Values Added
CPE cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:* cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*
First Time Argoproj
Argoproj argo Cd

Information

Published : 2022-02-04 21:15

Updated : 2024-11-21 06:50


NVD link : CVE-2022-24348

Mitre link : CVE-2022-24348

CVE.ORG link : CVE-2022-24348


JSON object : View

Products Affected

argoproj

  • argo_cd
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')