Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-3ED8942E26C67A30179DAA94F80D81FD

HistoryFeb 07, 2022 - 12:00 a.m.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

2022-02-0700:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

improper limitation

path traversal

directory traversal

argo cd

helm charts

yaml file disclosure

EPSS

0.001

Percentile

33.0%

JSON

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

References

apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/

github.com/advisories/GHSA-63qx-x74g-jcr7

github.com/argoproj/argo-cd/commit/78c2084f0febd159039ff785ddc2bd4ba1cecf88

github.com/argoproj/argo-cd/releases/tag/v2.1.9

github.com/argoproj/argo-cd/releases/tag/v2.2.4

github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7

nvd.nist.gov/vuln/detail/CVE-2022-24348

EPSS

0.001

Percentile

33.0%

JSON

Related for GITLAB-3ED8942E26C67A30179DAA94F80D81FD