Veracode Vulnerability Database, VERACODE:36044
History: Jun 20, 2022 - 3:16 a.m.

Path Traversal

Published: 2022-06-20 03:16:42
Source: Veracode Vulnerability Database (sca.analysiscenter.veracode.com)
Tags: path traversal, git.go, readfromrepository, symbolic link, arbitrary files, software

EPSS: 0.002 (percentile 56.3%)

github.com/argoproj/argo-events is vulnerable to path traversal. The vulnerability exists because the readFromRepository function of git.go does not properly check whether the file at GitArtifactReader.artifact.FilePath is a symbolic link before it is opened and read, allowing an attacker to access files outside the expected directory and read arbitrary files.
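
One way to guard a read like the one described above, as an added example (not the argo-events code and not its actual fix): resolve symbolic links first, then confirm the result is still inside the clone. The helper name `readRepoFile`, the error `ErrOutsideRepo` and the sample file layout are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRepo reports a path that resolves outside the cloned repository.
var ErrOutsideRepo = errors.New("path resolves outside repository root")

// readRepoFile (hypothetical helper, not argo-events code) reads relPath
// from the clone at repoRoot and refuses anything that resolves elsewhere.
func readRepoFile(repoRoot, relPath string) ([]byte, error) {
	root, err := filepath.EvalSymlinks(repoRoot)
	if err != nil {
		return nil, err
	}
	// Resolves every symlink on the path, including a final component
	// that is itself a link committed to the repository.
	resolved, err := filepath.EvalSymlinks(filepath.Join(root, relPath))
	if err != nil {
		return nil, err
	}
	rel, err := filepath.Rel(root, resolved)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return nil, ErrOutsideRepo
	}
	return os.ReadFile(resolved)
}

func main() {
	// Constructed sample layout: a clone containing one regular file and
	// one symlink that points at a file outside the clone.
	base, _ := os.MkdirTemp("", "clone-demo")
	defer os.RemoveAll(base)
	repo := filepath.Join(base, "repo")
	os.Mkdir(repo, 0o755)
	os.WriteFile(filepath.Join(base, "outside.txt"), []byte("not for triggers"), 0o600)
	os.WriteFile(filepath.Join(repo, "trigger.yaml"), []byte("kind: Workflow"), 0o644)
	os.Symlink(filepath.Join(base, "outside.txt"), filepath.Join(repo, "link.yaml"))

	for _, p := range []string{"trigger.yaml", "link.yaml"} {
		data, err := readRepoFile(repo, p)
		fmt.Printf("%-12s data=%q err=%v\n", p, data, err)
	}
}
```

The check and the read are separate steps, so this assumes nothing else modifies the clone between them.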

Affected configurations

Vulners node:
argoproj argo_cd Match stable
OR
argoproj argo_cd Match v.0.9
OR
argoproj argo_cd Range v1.7.0

Vendor    Product  Version  CPE
argoproj  argo_cd  stable   cpe:2.3:a:argoproj:argo_cd:stable:*:*:*:*:*:*:*
argoproj  argo_cd  v.0.9    cpe:2.3:a:argoproj:argo_cd:v.0.9:*:*:*:*:*:*:*
argoproj  argo_cd  *        cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*
