Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-R9CR-HVJJ-496V
HistoryMar 24, 2022 - 12:04 a.m.

Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server

2022-03-2400:04:03
Google
osv.dev
10

0.001 Low

EPSS

Percentile

28.8%

JSON

Impact

All unpatched versions of Argo CD starting with v1.3.0 are vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository access to leak sensitive files from Argo CD’s repo-server.

A malicious Argo CD user who has been granted get access for a repository containing a Helm chart can craft an API request to the /api/v1/repositories/{repo_url}/appdetails endpoint to leak the contents of out-of-bounds files from the repo-server.

The malicious payload would reference an out-of-bounds file, and the contents of that file would be returned as part of the response. Contents from a non-YAML file may be returned as part of an error message. The attacker would have to know or guess the location of the target file.

Sensitive files which could be leaked include files from other Applications’ source repositories (potentially decrypted files, if you are using a decryption plugin) or any secrets which have been mounted as files on the repo-server.

Patches

A patch for this vulnerability has been released in the following Argo CD versions:

  • v2.3.0
  • v2.2.6
  • v2.1.11

The patches do two things:

  1. prevent path traversal
  2. limit /api/v1/repositories/{repo_url}/appdetails access to users who either A) have been granted Application create privileges or B) have been granted Application get privileges and are requesting details for a repo_url that has already been used for the given Application

Workarounds

The only certain way to avoid the vulnerability is to upgrade.

To mitigate the problem, you can

References

For more information

Open an issue in the Argo CD issue tracker or discussions
Join us on Slack in channel #argo-cd

Related

prion 1
osv 1
github 1
redhatcve 1
cve 1
gitlab 1
cvelist 1
nvd 1
redhat 4
prion
prion
Path traversal
2022-03-23 21:15:00
osv
osv
CVE-2022-24730
2022-03-23 21:15:08
github
github
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
2022-03-24 00:04:03
redhatcve
redhatcve
CVE-2022-24730
2022-03-22 17:41:02
cve
cve
CVE-2022-24730
2022-03-23 21:15:08
gitlab
gitlab
Improper Access Control
2022-03-24 00:00:00
cvelist
cvelist
CVE-2022-24730 Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
2022-03-23 20:50:09
nvd
nvd
CVE-2022-24730
2022-03-23 21:15:08
redhat
redhat
(RHSA-2022:1040) Important: Red Hat OpenShift GitOps security update
2022-03-23 21:13:36
(RHSA-2022:1039) Important: Red Hat OpenShift GitOps security update
2022-03-23 21:13:24
(RHSA-2022:1041) Important: Red Hat OpenShift GitOps security update
2022-03-23 21:13:43

0.001 Low

EPSS

Percentile

28.8%

JSON
Related for OSV:GHSA-R9CR-HVJJ-496V
prion1osv1github1redhatcve1cve1gitlab1cvelist1nvd1redhat4