CVE-2022-24731

EPSS 0.29%
Published 23.03.2022 21:15:08
Last modified 21.11.2024 06:50:58
Source security-advisories@github.com
Teams watchlist Login
Open Login

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `create` or `update` access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file's contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application's source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The problem can be mitigated by avoiding storing secrets in git, avoiding mounting secrets as files on the repo-server, avoiding decrypting secrets into files on the repo-server, and carefully limiting who can `create` or `update` Applications.

Affected products Warnungen 0 Metrics 4 CWE 3 References 4

Data is provided by the National Vulnerability Database (NVD)

Argoproj ≫ Argo Cd Version >= 1.5.0 < 2.1.11

Argoproj ≫ Argo Cd Version >= 2.2.0 < 2.2.6

Argoproj ≫ Argo Cd Version2.3.0 Updaterc1

Argoproj ≫ Argo Cd Version2.3.0 Updaterc2

Argoproj ≫ Argo Cd Version2.3.0 Updaterc4

Argoproj ≫ Argo Cd Version2.3.0 Updaterc5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.29%	0.52

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
security-advisories@github.com	6.8	2.3	4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/argoproj/argo-cd/security/advisories/GHSA-h6h5-6fmq-rh28

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-24731

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-24731

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-24731

EUVD