4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
39.4%
All unpatched versions of Argo CD starting with v0.7.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD’s repo-server.
A malicious Argo CD user with write access for a repository which is (or may be) used in a directory-type Application may commit a symlink which points to an out-of-bounds file.
Sensitive files which could be leaked include manifest files from other Applications’ source repositories (potentially decrypted files, if you are using a decryption plugin) or any JSON-formatted secrets which have been mounted as files on the repo-server.
A patch for this vulnerability has been released in the following Argo CD versions:
jsonnet.enable
since the same build tool is used for both Jsonnet and plain-manifest (“directory”) sources.This vulnerability was originally discovered as part of the Trail of Bits audit, published March 12, 2021. The behavior was left unchanged at the time.
The vulnerability was independently re-discovered by @crenshaw-dev, who contributed the patch. A security audit by Ada Logics independently followed up on the Trail of Bits report around the same time.
Open an issue in the Argo CD issue tracker or discussions
Join us on Slack in channel #argo-cd
CPE | Name | Operator | Version |
---|---|---|---|
github.com/argoproj/argo-cd/v2 | lt | 2.3.4 | |
github.com/argoproj/argo-cd/v2 | lt | 2.2.9 | |
github.com/argoproj/argo-cd/v2 | lt | 2.1.15 |
github.com/advisories/GHSA-6gcg-hp2x-q54h
github.com/argoproj/argo-cd/commit/5e767a4b9e30983330c0fdec322192281a90eb84
github.com/argoproj/argo-cd/commit/7357cfdb58a560de70a0538c6e3bef6fe39505ea
github.com/argoproj/argo-cd/commit/d36d95dc9f71ec61c1a93794f81ece6d61a0d943
github.com/argoproj/argo-cd/releases/tag/v2.1.15
github.com/argoproj/argo-cd/releases/tag/v2.2.9
github.com/argoproj/argo-cd/releases/tag/v2.3.4
github.com/argoproj/argo-cd/security/advisories/GHSA-6gcg-hp2x-q54h
nvd.nist.gov/vuln/detail/CVE-2022-24904
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
39.4%