CVE-2022-31036

EPSS 0.25%
Veröffentlicht 27.06.2022 20:15:08
Zuletzt bearbeitet 21.11.2024 07:03:45
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version >=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 3 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Argoproj ≫ Argo Cd Version >= 1.3.0 < 2.1.6

Argoproj ≫ Argo Cd Version2.2.9

Argoproj ≫ Argo Cd Version2.3.4

Argoproj ≫ Argo Cd Version2.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.479

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CWE-61 UNIX Symbolic Link (Symlink) Following

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

https://github.com/argoproj/argo-cd/commit/04c305396458508a31d03d44afea07b1c620d7cd

Patch

Third Party Advisory

https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm

Third Party Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-31036

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31036

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31036

EUVD