CVE-2022-24731
CVSS V2 Medium 4
CVSS V3 Medium 4.9
Description
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `create` or `update` access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file's contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application's source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The problem can be mitigated by avoiding storing secrets in git, avoiding mounting secrets as files on the repo-server, avoiding decrypting secrets into files on the repo-server, and carefully limiting who can `create` or `update` Applications.
Overview
- CVE ID
- CVE-2022-24731
- Assigner
- security-advisories@github.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-03-23T21:15:08
- Last Modified Date
- 2022-04-01T14:03:20
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:* | 1 | OR | 1.5.0 | 2.1.11 |
| cpe:2.3:a:linuxfoundation:argo-cd:*:*:*:*:*:*:*:* | 1 | OR | 2.2.0 | 2.2.6 |
| cpe:2.3:a:linuxfoundation:argo-cd:2.3.0:rc1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:linuxfoundation:argo-cd:2.3.0:rc2:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:linuxfoundation:argo-cd:2.3.0:rc4:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:linuxfoundation:argo-cd:2.3.0:rc5:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:S/C:P/I:N/A:N
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- SINGLE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 4
- Severity
- MEDIUM
- Exploitability Score
- 8
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- HIGH
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- NONE
- Base Score
- 4.9
- Base Severity
- MEDIUM
- Exploitability Score
- 1.2
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/argoproj/argo-cd/security/advisories/GHSA-h6h5-6fmq-rh28 | Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-24731 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24731 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-04-04 00:39:11 | Added to TrackCVE | |||
| 2022-12-06 13:10:38 | 2022-03-23T21:15Z | 2022-03-23T21:15:08 | CVE Published Date | updated |
| 2022-12-06 13:10:38 | 2022-04-01T14:03:20 | CVE Modified Date | updated | |
| 2022-12-06 13:10:38 | Analyzed | Vulnerability Status | updated | |
| 2022-12-06 13:10:38 | CWE-209 | Weakness Enumeration | updated |