Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/
github.com/advisories/GHSA-63qx-x74g-jcr7
github.com/argoproj/argo-cd/commit/78c2084f0febd159039ff785ddc2bd4ba1cecf88
github.com/argoproj/argo-cd/releases/tag/v2.1.9
github.com/argoproj/argo-cd/releases/tag/v2.2.4
github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7
nvd.nist.gov/vuln/detail/CVE-2022-24348