{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-04T20:26:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-24348", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/", "refsource": "MISC", "url": "https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/"}, {"name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7", "refsource": "CONFIRM", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:07:02.386Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-24348", "datePublished": "2022-02-04T20:26:21", "dateReserved": "2022-02-02T00:00:00", "dateUpdated": "2024-08-03T04:07:02.386Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*", "matchCriteriaId": "31E46A1D-D027-4D65-80E9-DCC5CB3D287D", "versionEndExcluding": "2.1.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*", "matchCriteriaId": "229A9622-6079-4EEA-8E2B-1EA4CB5F17C4", "versionEndExcluding": "2.2.4", "versionStartIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file."}, {"lang": "es", "value": "Argo CD versiones anteriores a 2.1.9 y versiones 2.2.x anteriores a 2.2.4, permite un salto de directorios relacionado con los gr\u00e1ficos de Helm debido a un error en helmTemplate en el archivo repository.go. Por ejemplo, un atacante puede ser capaz de detectar las credenciales almacenadas en un archivo YAML"}], "id": "CVE-2022-24348", "lastModified": "2024-11-21T06:50:13.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-04T21:15:08.103", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:0580", "cpe": "cpe:/a:redhat:openshift_gitops:1.2::el8", "package": "openshift-gitops-1/applicationset-rhel8:v1.2.2-3", "product_name": "Red Hat OpenShift GitOps 1.2", "release_date": "2022-02-17T00:00:00Z"}, {"advisory": "RHSA-2022:0580", "cpe": "cpe:/a:redhat:openshift_gitops:1.2::el8", "package": "openshift-gitops-1/argocd-rhel8:v1.2.2-2", "product_name": "Red Hat OpenShift GitOps 1.2", "release_date": "2022-02-17T00:00:00Z"}, {"advisory": "RHSA-2022:0580", "cpe": "cpe:/a:redhat:openshift_gitops:1.2::el8", "package": "openshift-gitops-1/gitops-operator-bundle:v1.2.2-5", "product_name": "Red Hat OpenShift GitOps 1.2", "release_date": "2022-02-17T00:00:00Z"}, {"advisory": "RHSA-2022:0580", "cpe": "cpe:/a:redhat:openshift_gitops:1.2::el8", "package": "openshift-gitops-1/gitops-rhel8:v1.2.2-3", "product_name": "Red Hat OpenShift GitOps 1.2", "release_date": "2022-02-17T00:00:00Z"}, {"advisory": "RHSA-2022:0580", "cpe": "cpe:/a:redhat:openshift_gitops:1.2::el8", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.2.2-3", "product_name": "Red Hat OpenShift GitOps 1.2", "release_date": "2022-02-17T00:00:00Z"}, {"advisory": "RHSA-2022:0580", "cpe": "cpe:/a:redhat:openshift_gitops:1.2::el8", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.2.2-3", "product_name": "Red Hat OpenShift GitOps 1.2", "release_date": "2022-02-17T00:00:00Z"}, {"advisory": "RHSA-2022:0476", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/applicationset-rhel8:v1.3.3-2", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0476", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/argocd-rhel8:v1.3.3-2", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0476", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/dex-rhel8:v1.3.3-2", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0476", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/gitops-operator-bundle:v1.3.3-2", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0476", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/gitops-rhel8:v1.3.3-2", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0476", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.3.3-2", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0476", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.3.3-2", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0682", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/applicationset-rhel8:v1.3.4-1", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-25T00:00:00Z"}, {"advisory": "RHSA-2022:0682", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/argocd-rhel8:v1.3.4-1", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-25T00:00:00Z"}, {"advisory": "RHSA-2022:0682", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/dex-rhel8:v1.3.4-1", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-25T00:00:00Z"}, {"advisory": "RHSA-2022:0682", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/gitops-operator-bundle:v1.3.4-1", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-25T00:00:00Z"}, {"advisory": "RHSA-2022:0682", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/gitops-rhel8:v1.3.4-1", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-25T00:00:00Z"}, {"advisory": "RHSA-2022:0682", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.3.4-1", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-25T00:00:00Z"}, {"advisory": "RHSA-2022:0682", "cpe": "cpe:/a:redhat:openshift_gitops:1.3::el8", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.3.4-1", "product_name": "Red Hat OpenShift GitOps 1.3", "release_date": "2022-02-25T00:00:00Z"}, {"advisory": "RHSA-2022:0477", "cpe": "cpe:/a:redhat:openshift_gitops:1.4::el8", "package": "openshift-gitops-1/applicationset-rhel8:v1.4.2-3", "product_name": "Red Hat OpenShift GitOps 1.4", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0477", "cpe": "cpe:/a:redhat:openshift_gitops:1.4::el8", "package": "openshift-gitops-1/argocd-rhel8:v1.4.2-3", "product_name": "Red Hat OpenShift GitOps 1.4", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0477", "cpe": "cpe:/a:redhat:openshift_gitops:1.4::el8", "package": "openshift-gitops-1/dex-rhel8:v1.4.2-3", "product_name": "Red Hat OpenShift GitOps 1.4", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0477", "cpe": "cpe:/a:redhat:openshift_gitops:1.4::el8", "package": "openshift-gitops-1/gitops-operator-bundle:v1.4.2-3", "product_name": "Red Hat OpenShift GitOps 1.4", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0477", "cpe": "cpe:/a:redhat:openshift_gitops:1.4::el8", "package": "openshift-gitops-1/gitops-rhel8:v1.4.2-3", "product_name": "Red Hat OpenShift GitOps 1.4", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0477", "cpe": "cpe:/a:redhat:openshift_gitops:1.4::el8", "package": "openshift-gitops-1/gitops-rhel8-operator:v1.4.2-3", "product_name": "Red Hat OpenShift GitOps 1.4", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0477", "cpe": "cpe:/a:redhat:openshift_gitops:1.4::el8", "package": "openshift-gitops-1/kam-delivery-rhel8:v1.4.2-3", "product_name": "Red Hat OpenShift GitOps 1.4", "release_date": "2022-02-08T00:00:00Z"}], "bugzilla": {"description": "gitops: Path traversal and dereference of symlinks when passing Helm value files", "id": "2050826", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050826"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.", "A flaw was found in GitOps. This flaw allows an attacker with permissions to create or update applications in ArgoCD to craft a malicious helm chart that contains symbolic links pointing to arbitrary paths outside the repository root folder, leading to a path traversal issue. This issue enables the attacker to gain access to confidential information stored in other repositories within the same ArgoCD installation."], "name": "CVE-2022-24348", "public_date": "2022-02-04T14:07:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-24348\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-24348\nhttps://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7"], "threat_severity": "Important"}