CVE-2022-24348
published 2022-02-04CVE-2022-24348: Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For…
PriorityP345high7.7CVSS 3.1
AVNACLPRLUINSCCHINAN
EPSS
2.69%
84.0th percentile
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| argoproj | argo_cd | < 2.1.9 | 2.1.9 |
| argoproj | argo_cd | >= 2.2.0 < 2.2.4 | 2.2.4 |
| github.com | argoproj_argo-cd | >= 0 < 2.1.9 | 2.1.9 |
| github.com | argoproj_argo-cd_v2 | >= 0 < 2.1.9 | 2.1.9 |
| github.com | argoproj_argo-cd_v2 | >= 2.2.0 < 2.2.4 | 2.2.4 |
CVSS provenance
nvdv3.17.7HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
ghsa7.7HIGH
osv7.7HIGH
vendor_redhat7.7HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
osv·2024-08-21
CVE-2022-24348 Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
Path traversal and dereference of symlinks in Argo CD in github.com/argoproj/argo-cd
GHSA
Path traversal and dereference of symlinks in Argo CD
ghsa·2022-02-07·CVSS 7.7
CVE-2022-24348 [HIGH] CWE-200 Path traversal and dereference of symlinks in Argo CD
Path traversal and dereference of symlinks in Argo CD
### Impact
All versions of Argo CD are vulnerable to a path traversal bug that allows to pass arbitrary values files to be consumed by Helm charts.
Additionally, it is possible to craft special Helm chart packages containing value files that are actually symbolic links, pointing to arbitrary files outside the repository's root directory.
If an attacker with permissions to create or update Applications knows or can guess the full path to a file containing valid YAML, they can create a malicious Helm chart to consume that YAML as values files, thereby gaining access to data they would otherwise have no access to.
The impact can especially become critical in environments that make use of encrypted value files (e.g. using plugins with
OSV
Path traversal and dereference of symlinks in Argo CD
osv·2022-02-07·CVSS 7.7
CVE-2022-24348 [HIGH] Path traversal and dereference of symlinks in Argo CD
Path traversal and dereference of symlinks in Argo CD
### Impact
All versions of Argo CD are vulnerable to a path traversal bug that allows to pass arbitrary values files to be consumed by Helm charts.
Additionally, it is possible to craft special Helm chart packages containing value files that are actually symbolic links, pointing to arbitrary files outside the repository's root directory.
If an attacker with permissions to create or update Applications knows or can guess the full path to a file containing valid YAML, they can create a malicious Helm chart to consume that YAML as values files, thereby gaining access to data they would otherwise have no access to.
The impact can especially become critical in environments that make use of encrypted value files (e.g. using plugins with
Red Hat
gitops: Path traversal and dereference of symlinks when passing Helm value files
vendor_redhat·2022-02-04·CVSS 7.7
CVE-2022-24348 [HIGH] CWE-22 gitops: Path traversal and dereference of symlinks when passing Helm value files
gitops: Path traversal and dereference of symlinks when passing Helm value files
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
A flaw was found in GitOps. This flaw allows an attacker with permissions to create or update applications in ArgoCD to craft a malicious helm chart that contains symbolic links pointing to arbitrary paths outside the repository root folder, leading to a path traversal issue. This issue enables the attacker to gain access to confidential information stored in other repositories within the same ArgoCD installation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7
2022-02-04
Published