Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
Metrics
Affected Vendors & Products
References
History
Wed, 07 Aug 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Argoproj
Argoproj argo Cd |
|
CPEs | cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linuxfoundation
Linuxfoundation argo-cd |
Argoproj
Argoproj argo Cd |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-02-04T20:26:21
Updated: 2024-08-03T04:07:02.386Z
Reserved: 2022-02-02T00:00:00
Link: CVE-2022-24348
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-04T21:15:08.103
Modified: 2024-11-21T06:50:13.463
Link: CVE-2022-24348
Redhat