Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-CBDFF390B8BF9173BEB9FE970BD0D71AHistoryFeb 07, 2022 - 12:00 a.m.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
2022-02-0700:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
13
0.001 Low
EPSS
Percentile
33.2%
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go/github.com/argoproj/argo-cd | lt | 2.1.9 |
References
apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/
github.com/advisories/GHSA-63qx-x74g-jcr7
github.com/argoproj/argo-cd/commit/78c2084f0febd159039ff785ddc2bd4ba1cecf88
github.com/argoproj/argo-cd/releases/tag/v2.1.9
github.com/argoproj/argo-cd/releases/tag/v2.2.4
github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7
nvd.nist.gov/vuln/detail/CVE-2022-24348
Related
osv
osv
Path traversal and dereference of symlinks in Argo CD
2022-02-07 19:06:18
CVE-2022-24348
2022-02-04 21:15:08
thn
thn
New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps
2022-02-06 05:48:00
cnvd
cnvd
Argo CD path traversal vulnerability
2022-02-10 00:00:00
prion
prion
Directory traversal
2022-02-04 21:15:00
cve
cve
CVE-2022-24348
2022-02-04 21:15:08
redhatcve
redhatcve
CVE-2022-24348
2022-02-08 14:18:04
cvelist
cvelist
CVE-2022-24348
2022-02-04 20:26:21
github
github
Path traversal and dereference of symlinks in Argo CD
2022-02-07 19:06:18
nvd
nvd
CVE-2022-24348
2022-02-04 21:15:08
gitlab
gitlab
veracode
veracode
Directory Traversal
2022-02-07 14:23:13
redhat
redhat
(RHSA-2022:0682) Important: Red Hat OpenShift GitOps security update
2022-02-25 19:44:30
(RHSA-2022:0477) Important: Red Hat OpenShift GitOps security update
2022-02-08 22:07:57
(RHSA-2022:0476) Important: Red Hat OpenShift GitOps security update
2022-02-08 22:00:22
threatpost
threatpost
Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
2022-02-04 18:26:07
Supply Chain Security Is Not a Problemβ¦Itβs a Predicament
2022-02-02 19:23:41
KP Snacks Left with Crumbs After Ransomware Attack
2022-02-02 22:25:35