High severityNVD Advisory· Published Feb 4, 2022· Updated Aug 3, 2024
CVE-2022-24348
CVE-2022-24348
Description
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/argoproj/argo-cd/v2Go | < 2.1.9 | 2.1.9 |
github.com/argoproj/argo-cd/v2Go | >= 2.2.0, < 2.2.4 | 2.2.4 |
github.com/argoproj/argo-cdGo | < 2.1.9 | 2.1.9 |
Affected products
3- Argo CD/Argo CDdescription
- ghsa-coords2 versions
< 2.1.9+ 1 more
- (no CPE)range: < 2.1.9
- (no CPE)range: < 2.1.9
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-63qx-x74g-jcr7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-24348ghsaADVISORY
- apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deploymentsghsaWEB
- apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/mitrex_refsource_MISC
- github.com/argoproj/argo-cd/commit/78c2084f0febd159039ff785ddc2bd4ba1cecf88ghsaWEB
- github.com/argoproj/argo-cd/releases/tag/v2.1.9ghsaWEB
- github.com/argoproj/argo-cd/releases/tag/v2.2.4ghsaWEB
- github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.