CVE-2022-24348

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24348

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24348.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24348

Aliases

Related

GHSA-63qx-x74g-jcr7

Published

2022-02-04T21:15:08Z

Modified

2025-01-14T10:50:20.683945Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

References

Affected packages

Git / github.com/argoproj/argo-cd

Affected ranges

Type: GIT
Repo: https://github.com/argoproj/argo-cd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5c51d5dae0a8c8940979db3eff5cc6be7bff9250

Affected versions

v0.*

v0.1.0

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.4.0

v0.4.0-alpha1

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.8.0

v2.*

v2.1.0

v2.1.0-rc1

v2.1.0-rc2

v2.1.0-rc3

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8