PT-2022-16632

Author: Moshe Zioni · Published: 2022-02-04 · Updated: 2026-05-27
CVE-2022-24348
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.1.9; Argo CD versions 2.2.x prior to 2.2.4
Description: The issue allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. An attacker could use it to discover credentials stored in a YAML file and to steal sensitive information from Argo CD deployments, including secrets, passwords, and API keys of Kubernetes applications. It affects thousands of organizations globally. The impact can be critical in environments that use encrypted value files containing sensitive data. Additionally, error messages from helm template can be used to enumerate files on the repository server's file system.
Recommendations: For Argo CD versions prior to 2.1.9, update to version 2.1.9 or later. For Argo CD versions 2.2.x prior to 2.2.4, update to version 2.2.4 or later. As a temporary workaround, consider restricting access to the helmTemplate function in repository.go until a patch is applied. Avoid using custom Helm charts that could be used to exploit the vulnerability. Restrict permissions to create or update Applications to minimize the risk of exploitation.

Exploit · Fix
Weakness Enumeration: Path traversal, Information Disclosure

Related Identifiers: CVE-2022-24348, GHSA-63QX-X74G-JCR7, GO-2022-0304

Affected Products: Argo CD, Helm, Kubernetes