CVE-2022-24348

Description

A flaw was found in GitOps. This flaw allows an attacker with permission to create or update applications in ArgoCD to craft a malicious Helm chart containing symbolic links that point to arbitrary paths outside the repository root folder, resulting in a path traversal issue. An attacker can use this issue to gain access to confidential information held in other repositories within the same ArgoCD installation.
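The defensive check this class of flaw calls for, as an added Go example that is not Argo CD's own code: a requested Helm value file is joined to the repository root, symlinks are resolved, and the resolved target (not the requested name) must still lie under the root. BuildDemoRepo constructs a throwaway fixture with a legitimate value file and a symlink pointing at a file that stands in for a second repository on the same host; the function names, fixture layout and file contents are assumptions.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
)

var ErrOutsideRoot = errors.New("value file resolves outside repository root")

// ResolveValueFile returns the real path of valueFile (relative to repoRoot), refusing any
// file that escapes repoRoot once symlinks are followed and ".." collapsed.
func ResolveValueFile(repoRoot, valueFile string) (string, error) {
	root, err := filepath.EvalSymlinks(repoRoot) // canonicalise the root itself first
	if err != nil {
		return "", err
	}
	// Join anchors even an absolute valueFile under root; containment is then judged on the
	// symlink-resolved target, not on the name the chart asked for.
	real, err := filepath.EvalSymlinks(filepath.Join(root, valueFile))
	if err != nil {
		return "", err
	}
	if rel, err := filepath.Rel(root, real); err != nil || !filepath.IsLocal(rel) {
		return "", ErrOutsideRoot
	}
	return real, nil
}

// BuildDemoRepo lays out a constructed fixture in a temp dir: repo/values.yaml (legitimate),
// other/secret.yaml (a second repository on the same host) and repo/evil.yaml -> ../other/secret.yaml.
func BuildDemoRepo() (repoRoot string, cleanup func(), err error) {
	base, err := os.MkdirTemp("", "argocd-demo-")
	if err != nil {
		return "", nil, err
	}
	repo, other := filepath.Join(base, "repo"), filepath.Join(base, "other")
	err = errors.Join( // arguments are evaluated left to right, so the directories exist first
		os.MkdirAll(repo, 0o755), os.MkdirAll(other, 0o755),
		os.WriteFile(filepath.Join(other, "secret.yaml"), []byte("token: CONSTRUCTED\n"), 0o600),
		os.WriteFile(filepath.Join(repo, "values.yaml"), []byte("replicas: 1\n"), 0o644),
		os.Symlink("../other/secret.yaml", filepath.Join(repo, "evil.yaml")),
	)
	return repo, func() { os.RemoveAll(base) }, err
}
```

Against the fixture, "values.yaml" resolves normally while "evil.yaml" and "../other/secret.yaml" both return ErrOutsideRoot, because the check runs on where the path actually lands rather than on the string the chart supplied.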

Additional Information

  • Bugzilla 2050826: CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • FAQ: Frequently asked questions about CVE-2022-24348