Lucene search
Veracode Vulnerability DatabaseVERACODE:34805HistoryMar 24, 2022 - 5:05 a.m.
Path Traversal
2022-03-2405:05:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
argocd
path traversal
vulnerability
resolvesymboliclinkrecursive
repository.go
malicious user
sensitive information
software
EPSS
0.001
Percentile
40.2%
github.com/argoproj/argo-cd is vulnerable to path traversal. The vulnerability exists in the resolveSymbolicLinkRecursive function of the repository.go, which allows a malicious user with write and update permissions to craft malicious Helm chart and gain access to sensitive information in the system.
References
github.com/argoproj/argo-cd/commit/6e54e59e820e0b18c2890a47f2c80fbe989995d1
github.com/argoproj/argo-cd/pull/8606
github.com/argoproj/argo-cd/releases/tag/v2.1.11
github.com/argoproj/argo-cd/releases/tag/v2.2.6
github.com/argoproj/argo-cd/releases/tag/v2.3.0
github.com/argoproj/argo-cd/security/advisories/GHSA-h6h5-6fmq-rh28
Related
prion
prion
Path traversal
2022-03-23 21:15:00
gitlab
gitlab
Improper Access Control
2022-03-24 00:00:00
osv
osv
Path traversal allows leaking out-of-bound files from Argo CD repo-server
2022-03-24 00:12:46
Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
2024-08-21 14:30:29
CVE-2022-24731
2022-03-23 21:15:08
nvd
nvd
CVE-2022-24731
2022-03-23 21:15:08
cve
cve
CVE-2022-24731
2022-03-23 21:15:08
redhatcve
redhatcve
CVE-2022-24731
2022-03-22 17:41:02
cvelist
cvelist
github
github
Path traversal allows leaking out-of-bound files from Argo CD repo-server
2022-03-24 00:12:46
redhat
redhat
(RHSA-2022:1040) Important: Red Hat OpenShift GitOps security update
2022-03-23 21:13:36
(RHSA-2022:1039) Important: Red Hat OpenShift GitOps security update
2022-03-23 21:13:24
(RHSA-2022:1041) Important: Red Hat OpenShift GitOps security update
2022-03-23 21:13:43